Detections
Analytics

MiracleLinux 3 : zabbix-1.6.9-2.AXS3 (AXSA:2011-372:01)

medium Nessus Plugin ID 284152

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-372:01 advisory.

 ZABBIX is software that monitors numerous parameters of a network and the health and integrity of servers.
 ZABBIX uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. ZABBIX offers excellent reporting and data visualisation features based on the stored data. This makes ZABBIX ideal for capacity planning.
 ZABBIX supports both polling and trapping. All ZABBIX reports and statistics, as well as configuration parameters are accessed through a web-based front end. A web-based front end ensures that the status of your network and the health of your servers can be assessed from any location. Properly configured, ZABBIX can play an important role in monitoring IT infrastructure. This is equally true for small organisations with a few servers and for large companies with a multitude of servers.
 Security issues fixed with this release:
 CVE-2011-3263 zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
 CVE-2011-3264 Zabbix before 1.8.6 allows remote attackers to obtain sensitive information via an invalid srcfld2 parameter to popup.php, which reveals the installation path in an error message.
 CVE-2011-3265 popup.php in Zabbix before 1.8.7 allows remote attackers to read the contents of arbitrary database tables via a modified srctbl parameter.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://tsn.miraclelinux.com/en/node/2085

Plugin Details

Severity: Medium

ID: 284152

File Name: miracle_linux_AXSA-2011-372.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2011-3265

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2011-3264

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:zabbix-web, p-cpe:/a:miracle:linux:zabbix-proxy, p-cpe:/a:miracle:linux:zabbix-proxy-mysql, p-cpe:/a:miracle:linux:zabbix, p-cpe:/a:miracle:linux:zabbix-server, cpe:/o:miracle:linux:3, p-cpe:/a:miracle:linux:zabbix-web-mysql, p-cpe:/a:miracle:linux:zabbix-server-mysql, p-cpe:/a:miracle:linux:zabbix-agent

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/30/2011

Vulnerability Publication Date: 5/9/2011

Reference Information

CVE: CVE-2011-3263, CVE-2011-3264, CVE-2011-3265