|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Wed Mar 04 2009 - 10:24:05 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Did you know? Our assessment and impact rating along with detailed
information such as exploit code availability, or if an updated patch
is released by the vendor, is not part of this mailing-list?
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/
----------------------------------------------------------------------
TITLE:
ZABBIX PHP Frontend Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA34091
VERIFY ADVISORY:
http://secunia.com/advisories/34091/
DESCRIPTION:
Some vulnerabilities have been reported in the ZABBIX PHP frontend,
which can be exploited by malicious people to conduct cross-site
request forgery attacks and malicious users to disclose sensitive
information and compromise a vulnerable system.
1) Input appended to and passed via the "extlang" parameter to the
"calc_exp2()" function in include/validate.inc.php is not properly
sanitised before being used. This can be exploited to inject and
execute arbitrary PHP code.
2) The application allows users to perform certain actions via HTTP
requests without performing any validity checks to verify the
requests. This can be exploited to e.g. create users by enticing a
logged in administrator to visit a malicious web page.
3) Input passed to the "srclang" parameter in locales.php (when
"next" is set to a non-NULL value) is not properly verified before
being used to include files. This can be exploited to include
arbitrary files from local resources via directory traversal attacks
and URL-encoded NULL bytes.
The vulnerabilities are reported in version 1.6.2. Other versions may
also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised and
verified..
Do not visit untrusted web sites while logged on to the application.
PROVIDED AND/OR DISCOVERED BY:
Antonio "s4tan" Parata, Francesco "ascii" Ongaro, and Giovanni
"evilaliv3" Pellerano.
ORIGINAL ADVISORY:
http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]