A vulnerability in Zabbix could allow remote attackers to execute arbitrary shell code.
Package | net-analyzer/zabbix on all architectures |
---|---|
Affected versions | < 2.0.9-r1 |
Unaffected versions | >= 2.0.9-r1 |
Zabbix is software for monitoring applications, networks, and servers.
If a flexible user parameter is configured in Zabbix agent, including a newline in the parameters will execute newline section as a separate command even if UnsafeUserParameters are disabled.
A remote attacker could possibly execute arbitrary shell code with the privileges of the process.
There is no known workaround at this time.
All Zabbix 2.2 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.2.0-r4"
All Zabbix 2.0 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-2.0.9-r1"
Release date
January 23, 2014
Latest revision
June 02, 2014: 2
Severity
high
Exploitable
remote
Bugzilla entries