Errata ALT-PU-2024-1355-2: Information

Package name: zabbix
Version: 6.0.25-alt0.p10.3
Bulletin updated: Jan. 26, 2024
Task: #338813

Fixes

Published: Dec. 18, 2023

BDU:2024-00033

Уязвимость функции icmpping универсальной системы мониторинга Zabbix, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (7.2) Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 18, 2023

BDU:2024-00645

Уязвимость компонента DNS Response Handler агента универсальной системы мониторинга Zabbix, позволяющая нарушителю вызвать переполнение буфера
Severity: HIGH (8.1) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 18, 2023
Modified: Jan. 25, 2024

CVE-2023-32726

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 18, 2023
Modified: Dec. 22, 2023

CVE-2023-32727

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Severity: HIGH (7.2) Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Dec. 18, 2023
Modified: Dec. 22, 2023

CVE-2023-32728

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Links:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top