[Git][security-tracker-team/security-tracker][master] CVE-2024-36464/zabbix not fixed upstream in 6.0.30c1

Tobias Frost (@tobi) tobi at debian.org
Sat Dec 7 12:35:30 GMT 2024 


Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker


Commits:
640cf95c by Tobias Frost at 2024-12-07T13:31:11+01:00
CVE-2024-36464/zabbix not fixed upstream in 6.0.30c1

(see
https://support.zabbix.com/browse/ZBX-25630?focusedCommentId=1026630&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-1026630
upstream report)

Quote:
I've just installed 6.0.34 from your Debian repository, and I'm probably holding it wrong, but I *think* I still can reproduce this on 6.0.36

root at isildor2:/etc# dpkg -l 'zabbix*' | grep ^ii
ii  zabbix-agent        1:6.0.36-1+debian12 amd64        Zabbix network monitoring solution - agent
ii  zabbix-apache-conf  1:6.0.36-1+debian12 all          Zabbix network monitoring solution - apache configuration for front-end
ii  zabbix-frontend-php 1:6.0.36-1+debian12 all          Zabbix network monitoring solution - PHP front-end
ii  zabbix-release      1:6.0-5+debian12    all          Zabbix official repository configuration
ii  zabbix-server-mysql 1:6.0.36-1+debian12 amd64        Zabbix network monitoring solution - server (MySQL)
ii  zabbix-sql-scripts  1:6.0.36-1+debian12 all          Zabbix network monitoring solution - sql-scripts

Reproducer:

    Login as Admin
    Create a Media Type
        Type "Email"
        Set Authentication to "Username and Password"
        Enter Username (I've used "test-user")
        Enter Password (I've used "test-password")
        Save
    Select created entry
    Export it

Yields to:

zabbix_export:
  version: '6.0'
  date: '2024-12-07T12:21:30Z'
  media_types:
    - name: test-with-password
      type: EMAIL
      smtp_server: mail.example.com
      smtp_helo: example.com
      smtp_email: zabbix at example.com
      smtp_authentication: PASSWORD
      username: test-user
      password: test-password
      status: DISABLED

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2121,6 +2121,8 @@ CVE-2024-36468 (The reported vulnerability is a stack buffer overflow in the zbx
 CVE-2024-36464 (When exporting media types, the password is exported in the YAML in pl ...)
 	- zabbix <unfixed> (bug #1088689)
 	NOTE: https://support.zabbix.com/browse/ZBX-25630
+	NOTE: Despite upstream claiming fixed in 6.0.30rc1, can reproduce with 6.0.36 (package from upstream)
+	NOTE: Can also reproduce it in 5.0.45 and 7.0.6+dfsg-1.
 CVE-2024-31976 (EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker ...)
 	NOT-FOR-US: EnGenius EWS356-FIR
 CVE-2024-21703 (This Medium severity Security Misconfiguration vulnerability was intro ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/640cf95c02dc6525dfb27118109529ab7bccce39

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/640cf95c02dc6525dfb27118109529ab7bccce39
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241207/f4e9cedc/attachment.htm>

More information about the debian-security-tracker-commits mailing list