Debian update for zabbix

Published: 2017-08-12

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2017-2824 CVE-2017-2825
CWE-ID	CWE-77 CWE-20
Exploitation vector	Network
Public exploit	Public exploit code for vulnerability #1 is available.
Vulnerable software	Debian Linux Operating systems & Components / Operating system
Vendor	Debian

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Command injection

EUVDB-ID: #VU6430

Risk: High

CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2017-2824

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to execute arbitrary code on a targeted system.

The weakness exists due to insufficient validation of user-supplied input by the trapper command function. An attacker can submitt specially crafted packets from an active Zabbix proxy, inject arbitrary commands and execute arbitrary code on the targeted system.

Successful exploitation of the vulnerability results in arbitrary code execution.

Proof-of-concept code demonstrating an exploit of this vulnerability is publicly available.

Mitigation

Update the affected package to version: 1:2.2.7+dfsg-2+deb8u3

Vulnerable software versions

Debian Linux: All versions

CPE2.3

cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

External links

https://support.zabbix.com/browse/ZBX-12075

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Improper input validation

EUVDB-ID: #VU12115

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-2825

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to write arbitrary files on the target system.

The weakness exists in the trapper functionality due to insufficient validation of trapper packets. A remote attacker can submit specially crafted trapper packets, bypass database logic checks, perform man-in-the-middle attack between an active Zabbix proxy and the target Zabbix server, alter the trapper requests made between the Zabbix proxy and the target server and perform database writes.

Mitigation

Update the affected package to version: 1:2.2.7+dfsg-2+deb8u3

Vulnerable software versions

Debian Linux: All versions

CPE2.3

cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*

External links

https://support.zabbix.com/browse/ZBX-12076

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.