CVE-2007-6210
First published: Tue Dec 04 2007(Updated: )
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zabbix | =1.1.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682
- http://secunia.com/advisories/27903
- http://secunia.com/advisories/27948
- http://secunia.com/advisories/27978
- http://www.debian.org/security/2007/dsa-1420
- http://www.securityfocus.com/bid/26680
- http://www.zabbix.com/forum/showthread.php?t=8400
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00196.html
- https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00232.html
Frequently Asked Questions
What is the severity of CVE-2007-6210?
CVE-2007-6210 has a moderate severity rating due to the potential for local privilege escalation.
How do I fix CVE-2007-6210?
To fix CVE-2007-6210, upgrade from ZABBIX agentd version 1.1.4 to a version that is 1.4.3 or higher.
What systems are affected by CVE-2007-6210?
CVE-2007-6210 specifically affects Zabbix agentd version 1.1.4.
What kind of attack does CVE-2007-6210 allow?
CVE-2007-6210 allows local users to execute scripts with elevated privileges.
Is CVE-2007-6210 still relevant today?
While CVE-2007-6210 is an older vulnerability, it remains relevant for systems still running unsupported versions of Zabbix.
- agent/weakness
- agent/severity
- agent/references
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/event
- agent/type
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- agent/author
- vendor/zabbix
- canonical/zabbix
- version/zabbix/1.1.4