Test ID:	1.3.6.1.4.1.25623.1.1.12.2022.4767.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4767-1)
Summary:	The remote host is missing an update for the 'zabbix' package(s) announced via the USN-4767-1 advisory.
Description:	Summary: The remote host is missing an update for the 'zabbix' package(s) announced via the USN-4767-1 advisory. Vulnerability Insight: Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-11800) It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-2824, CVE-2017-2825) It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3005) It was discovered that Zabbix incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338) It was discovered that Zabbix incorrectly handled the request parameter. A remote attacker could possibly use this issue to redirect requests to external links. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2016-10742) It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. (CVE-2019-15132) It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15803) Affected Software/OS: 'zabbix' package(s) on Ubuntu 14.04, Ubuntu 16.04, Ubuntu 18.04, Ubuntu 20.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-3005 BugTraq ID: 68075 http://www.securityfocus.com/bid/68075 http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html http://lists.fedoraproject.org/pipermail/package-announce/2014-June/134909.html http://seclists.org/fulldisclosure/2014/Jun/87 https://web.archive.org/web/20140622034155/http://www.pnigos.com:80/?p=273 Common Vulnerability Exposure (CVE) ID: CVE-2016-10134 BugTraq ID: 95423 http://www.securityfocus.com/bid/95423 Debian Security Information: DSA-3802 (Google Search) http://www.debian.org/security/2017/dsa-3802 https://code610.blogspot.com/2017/10/zbx-11023-quick-autopsy.html http://www.openwall.com/lists/oss-security/2017/01/12/4 http://www.openwall.com/lists/oss-security/2017/01/13/4 Common Vulnerability Exposure (CVE) ID: CVE-2016-10742 https://support.zabbix.com/browse/ZBX-10272 https://support.zabbix.com/browse/ZBX-13133 https://lists.debian.org/debian-lts-announce/2019/03/msg00010.html https://lists.debian.org/debian-lts-announce/2020/11/msg00039.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4338 BugTraq ID: 89631 http://www.securityfocus.com/bid/89631 Bugtraq: 20160503 CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection (Google Search) http://www.securityfocus.com/archive/1/538258/100/0/threaded https://www.exploit-db.com/exploits/39769/ http://seclists.org/fulldisclosure/2016/May/9 https://security.gentoo.org/glsa/201612-42 http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-Command-Injection.html Common Vulnerability Exposure (CVE) ID: CVE-2017-2824 BugTraq ID: 98083 http://www.securityfocus.com/bid/98083 Debian Security Information: DSA-3937 (Google Search) http://www.debian.org/security/2017/dsa-3937 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0325 Common Vulnerability Exposure (CVE) ID: CVE-2017-2825 BugTraq ID: 98094 http://www.securityfocus.com/bid/98094 https://www.debian.org/security/2017/dsa-3937 https://talosintelligence.com/vulnerability_reports/TALOS-2017-0326 Common Vulnerability Exposure (CVE) ID: CVE-2019-15132 https://support.zabbix.com/browse/ZBX-16532 https://lists.debian.org/debian-lts-announce/2021/04/msg00018.html https://lists.debian.org/debian-lts-announce/2023/04/msg00013.html Common Vulnerability Exposure (CVE) ID: CVE-2020-11800 http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2020-15803 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2ZHHIUYIVA5GZYLKW6A5G6HRELPOBZFE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TIRIMOXH6GSBAANDCB3ANLJK4CRLWRXT/ https://support.zabbix.com/browse/ZBX-18057 https://lists.debian.org/debian-lts-announce/2020/08/msg00007.html SuSE Security Announcement: openSUSE-SU-2020:1604 (Google Search)
Copyright	Copyright (C) 2023 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.