FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Zabbix -- Remote code execution

Affected packages
zabbix2-proxy <= 2.0.20
zabbix2-server <= 2.0.20
zabbix22-proxy < 2.2.19
zabbix22-server < 2.2.19
zabbix3-proxy < 3.0.10
zabbix3-server < 3.0.10
zabbix32-proxy < 3.2.7
zabbix32-server < 3.2.7

Details

VuXML ID 5df8bd95-8290-11e7-93af-005056925db4
Discovery 2017-07-05
Entry 2017-08-16

MITRE reports:

An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.

References

CVE Name CVE-2017-2824
URL https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824
URL https://support.zabbix.com/browse/ZBX-12349