GLSA Advocate
Posted: Thu Jan 21, 2021 7:26 pm Post subject: [ GLSA 202101-11 ] Zabbix
Gentoo Linux Security Advisory
Title: Zabbix: Root privilege escalation (GLSA 202101-11)
Severity: normal
Exploitable: local
Date: 2021-01-21
Bug(s): #629882, #629884
ID: 202101-11
Synopsis
Multiple vulnerabilities were discovered in Gentoo's ebuild for
Zabbix which could lead to root privilege escalation.
Background
Zabbix is software for monitoring applications, networks, and servers.
Affected Packages
Package: net-analyzer/zabbix
Vulnerable: < 4.4.6
Unaffected: >= 3.0.30
Unaffected: >= 4.0.18
Architectures: All supported architectures
Description
It was discovered that Gentoo’s Zabbix ebuild either did not properly set
permissions or placed the PID file in an unsafe directory.
Impact
A local attacker could escalate privileges.
Workaround
There is no known workaround at this time.
Resolution
All Zabbix 3.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-3.0.30:0/3.0"

All Zabbix 4.0.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-4.0.18:0/4.0"

All other Zabbix users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-4.4.6"
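For triaging an inventory of installed versions against this advisory, the following is an added example, not part of the GLSA or of Gentoo's tooling. It uses the fixed versions from the Resolution section; reading them as per-branch thresholds (3.0.x, 4.0.x, everything else) is an assumption of the example, as are the function names and the sample version list.

```shell
#!/bin/sh
# Classify a net-analyzer/zabbix version against GLSA 202101-11.
# Thresholds are the advisory's; the per-branch reading is this example's assumption.

# ver_ge A B: succeed when MAJOR.MINOR.PATCH version A >= B (numeric compare).
ver_ge() {
    _a=$1 _b=$2
    for _i in 1 2 3; do
        _x=${_a%%.*}; _y=${_b%%.*}
        [ "$_x" -gt "$_y" ] && return 0
        [ "$_x" -lt "$_y" ] && return 1
        # Drop the component just compared.
        case $_a in *.*) _a=${_a#*.} ;; *) _a=0 ;; esac
        case $_b in *.*) _b=${_b#*.} ;; *) _b=0 ;; esac
    done
    return 0
}

# zabbix_glsa_status VERSION
# Prints unaffected / vulnerable / unknown and returns 0 / 1 / 2.
zabbix_glsa_status() {
    _v=${1%-r[0-9]*}    # strip a Gentoo revision suffix such as -r1
    case $_v in
        ''|*[!0-9.]*|.*|*.|*..*|*.*.*.*) echo unknown; return 2 ;;
        *.*.*) ;;                        # plain MAJOR.MINOR.PATCH only
        *) echo unknown; return 2 ;;
    esac
    case $_v in
        3.0.*) _fixed=3.0.30 ;;          # Resolution: 3.0.x users
        4.0.*) _fixed=4.0.18 ;;          # Resolution: 4.0.x users
        *)     _fixed=4.4.6  ;;          # Resolution: all other users
    esac
    if ver_ge "$_v" "$_fixed"; then echo unaffected; return 0; fi
    echo vulnerable; return 1
}

# Constructed sample inventory (not taken from the advisory).
for ver in 3.0.29 3.0.30 4.0.17 4.0.18-r1 4.2.8 4.4.6 5.0.1; do
    status=$(zabbix_glsa_status "$ver") || true
    printf '%-10s %s\n' "$ver" "$status"
done
```

Versions with suffixes other than -rN (for example release candidates) are reported as unknown rather than guessed at.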