thr3ads.net - Secure testing team - [Secure-testing-team] Bug#577058: CVE-2010-1277: SQL injection vulnerability [Apr 2010]

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2010-Apr-09 09:19 UTC

[Secure-testing-team] Bug#577058: CVE-2010-1277: SQL injection vulnerability

Package: zabbix
Severity: grave
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zabbix.

CVE-2010-1277[0]:
| SQL injection vulnerability in the user.authenticate method in the API
| in Zabbix 1.8 before 1.8.2 allows remote attackers to execute
| arbitrary SQL commands via the user parameter in JSON data to
| api_jsonrpc.php.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1277
    http://security-tracker.debian.org/tracker/CVE-2010-1277


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAku+8QYACgkQNxpp46476aohxgCeOJ/ft09ZEbsVRZQfZGKPOStl
dsIAni/gOpxw+gb/ZGH7pbP8ItreKgGH
=GH0v
-----END PGP SIGNATURE-----

Secure testing team - Apr 2010 - Bug#577058: CVE-2010-1277: SQL injection vulnerability

[Secure-testing-team] Bug#577058: CVE-2010-1277: SQL injection vulnerability