Zabbix 1.6.2 exploit - Patch?

  • static
    Junior Member
    • Mar 2009
    • 2

    #1

    Zabbix 1.6.2 exploit - Patch?

    Has anyone from zabbix looked into this yet:

  • Aly
    ZABBIX developer
    • May 2007
    • 1126

    #2
    V. WORKAROUND

    Update zabbix from svn the server (svn://svn.zabbix.com) or download
    version 1.6.3 when available.
    Zabbix | ex GUI developer

    • static
      Junior Member
      • Mar 2009
      • 2

      #3
      Originally posted by Aly
      V. WORKAROUND

      Update zabbix from svn the server (svn://svn.zabbix.com) or download
      version 1.6.3 when available.
      Yes, I did see that in the exploit, but wanted to hear something from zabbix. Thanks!

      • kenr
        Junior Member
        • Aug 2008
        • 7

        #4
        Release of 1.6.3

        When will 1.6.3 be publicly available?

        • Riscaa
          Junior Member
          • Nov 2006
          • 7

          #5
          Any updates on when 1.6.3 is being released? I am being asked to roll zabbix out but I can't do it with the known bug... I don't want to roll out a test release either.

          • ashuji
            Member
            • Dec 2008
            • 35

            #6
            How to update

            Please help and suggest: how did you upgrade/update zabbix from SVN downloads?

            Regards

            Ashwani Jain

            • swaterhouse
              Senior Member
              • Apr 2006
              • 268

              #7
              http://www.zabbix.com/developers.php

              • marcis
                Junior Member
                Zabbix Certified Specialist
                • Jul 2007
                • 17

                #8
                Nasing spešal

                According to http://milw0rm.com/exploits/8140

                First vulnerability is eliminated with "magic_quotes_gpc on" in php.ini (if php is older than 6.0 http://it2.php.net/magic_quotes)

                Second is a matter of users obscurity, so I'd suspect that by working with care (and trusting no one) it could be avoided.

                The third "should be eliminated" with the "magic_quotes_gpc on" in php.ini, but for me it didn't work because of "open_basedir restriction in effect"

                So for now it is OK; still, it's quite confusing that, according to the advisory timeline, the zabbix team responded pretty slowly

                Code:
                20081215 Bug discovered
                20090116 Initial vendor contact
                20090116 Vendor Response (Fixes will be included in Zabbix 1.6.3)
                20090130 Second email (When this is going to be fixed?)
                20090131 Vendor Response (Everything has been fixed a week ago and is
                         publicly available in the SVN, Zabbix 1.6.3 will be released
                         within 10-15 days)
                20090220 Third email (20 days elapsed and no response, we will release
                         on 23 Feb)
                20090220 Vendor Response (Postpone of 5-10 days required)
                20090220 Third email (We will wait 5-10 days, 2 March is the deadline
                         if no contact)
                20090303 Forced Advisory Release

                • Aly
                  ZABBIX developer
                  • May 2007
                  • 1126

                  #9
                  Responded same day..
                  20090116 Initial vendor contact
                  20090116 Vendor Response
                  In an hour 2 problems had been fixed, a few days later the 3rd one was fixed too. I don't think that this is "slow".
                  Zabbix | ex GUI developer

                  • ashuji
                    Member
                    • Dec 2008
                    • 35

                    #10
                    Graphs not working after frontend update

                    Hi,

                    I downloaded the nightly build from zabbix (wget http://www.zabbix.com/downloads/nigh...bix-1.6.tar.gz) and copied the directory php to /var/www/html/zabbix. Reconfigured the front end and started using zabbix.

                    Everything was working OK EXCEPT graphs. If I try to look at graphs of any ITEM it does not show graphs, please check the screenshot attached:

                    Kindly suggest a solution.

                    Regards

                    Ashwani Jain

                    • Aly
                      ZABBIX developer
                      • May 2007
                      • 1126

                      #11
                      Hmm, there shouldn't be any problem. There is no problem displaying graphs in the latest revision.
                      Zabbix | ex GUI developer
