usn-4767-1
Vulnerability from osv_ubuntu
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. (CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A remote attacker could possibly use this issue to read arbitrary files or potentially execute arbitrary code. This issue only affected Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inputs. A remote attacker could possibly use this issue to execute arbitrary SQL commands. This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)
It was discovered that Zabbix incorrectly handled the request parameter. A remote attacker could possibly use this issue to redirect requests to external links. This issue only affected Ubuntu 14.04 ESM and Ubuntu 18.04 ESM. (CVE-2016-10742)
It was discovered that Zabbix incorrectly handled failed login attempts. A remote attacker could possibly use this issue to enumerate users. (CVE-2019-15132)
It was discovered that Zabbix did not properly validate input. A remote attacker could exploit this to conduct cross-site scripting (XSS) attacks. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. (CVE-2020-15803)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-15132",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.2.2+dfsg-1ubuntu1+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "zabbix",
"purl": "pkg:deb/ubuntu/zabbix@1:2.2.2+dfsg-1ubuntu1+esm4?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.2.2+dfsg-1ubuntu1+esm4"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.0.6+dfsg-1ubuntu2",
"1:2.2.0+dfsg-1ubuntu1",
"1:2.2.0+dfsg-6ubuntu1",
"1:2.2.1+dfsg-1ubuntu3",
"1:2.2.2+dfsg-1ubuntu1",
"1:2.2.2+dfsg-1ubuntu1+esm1",
"1:2.2.2+dfsg-1ubuntu1+esm3"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-15132",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "zabbix",
"purl": "pkg:deb/ubuntu/zabbix@1:2.4.7+dfsg-2ubuntu2.1+esm3?arch=source\u0026distro=esm-apps/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:2.4.7+dfsg-2ubuntu2.1+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:2.4.6+dfsg-1",
"1:2.4.7+dfsg-1",
"1:2.4.7+dfsg-2",
"1:2.4.7+dfsg-2ubuntu2",
"1:2.4.7+dfsg-2ubuntu2.1",
"1:2.4.7+dfsg-2ubuntu2.1+esm1",
"1:2.4.7+dfsg-2ubuntu2.1+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-15132",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "zabbix",
"purl": "pkg:deb/ubuntu/zabbix@1:3.0.12+dfsg-1ubuntu0.1~esm3?arch=source\u0026distro=esm-apps/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:3.0.12+dfsg-1ubuntu0.1~esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:3.0.7+dfsg-3",
"1:3.0.12+dfsg-1",
"1:3.0.12+dfsg-1ubuntu0.1~esm1",
"1:3.0.12+dfsg-1ubuntu0.1~esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2019-15132",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-15803",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "zabbix-agent",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-frontend-php",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-java-gateway",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-proxy-sqlite3",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-mysql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
},
{
"binary_name": "zabbix-server-pgsql",
"binary_version": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "zabbix",
"purl": "pkg:deb/ubuntu/zabbix@1:4.0.17+dfsg-1ubuntu0.1~esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1:4.0.17+dfsg-1ubuntu0.1~esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1:4.0.4+dfsg-1build2",
"1:4.0.4+dfsg-1build3",
"1:4.0.11+dfsg-1",
"1:4.0.14+dfsg-1",
"1:4.0.15+dfsg-1",
"1:4.0.16+dfsg-1",
"1:4.0.16+dfsg-1build1",
"1:4.0.17+dfsg-1"
]
}
],
"aliases": [],
"details": "Fu Chuang discovered that Zabbix did not properly parse IPs. A remote\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.\n(CVE-2020-11800)\n\nIt was discovered that Zabbix incorrectly handled certain requests. A\nremote attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2017-2824, CVE-2017-2825)\n\nIt was discovered that Zabbix incorrectly handled certain XML files. A\nremote attacker could possibly use this issue to read arbitrary files or\npotentially execute arbitrary code. This issue only affected\nUbuntu 14.04 ESM. (CVE-2014-3005)\n\nIt was discovered that Zabbix incorrectly handled certain inputs. A remote\nattacker could possibly use this issue to execute arbitrary SQL commands.\nThis issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)\n\nIt was discovered that Zabbix incorrectly handled the request parameter. A\nremote attacker could possibly use this issue to redirect requests to\nexternal links. This issue only affected Ubuntu 14.04 ESM and\nUbuntu 18.04 ESM. (CVE-2016-10742)\n\nIt was discovered that Zabbix incorrectly handled failed login attempts. A\nremote attacker could possibly use this issue to enumerate users.\n(CVE-2019-15132)\n\nIt was discovered that Zabbix did not properly validate input. A remote\nattacker could exploit this to conduct cross-site scripting (XSS) attacks.\nThis issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and\nUbuntu 20.04 ESM. (CVE-2020-15803)\n",
"id": "USN-4767-1",
"modified": "2026-06-29T10:52:48Z",
"published": "2022-06-15T08:28:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-4767-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2014-3005"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-4338"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10134"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2016-10742"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2824"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-2825"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2019-15132"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-11800"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-15803"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "zabbix vulnerabilities",
"upstream": [
"UBUNTU-CVE-2014-3005",
"UBUNTU-CVE-2016-4338",
"UBUNTU-CVE-2016-10134",
"UBUNTU-CVE-2016-10742",
"UBUNTU-CVE-2017-2824",
"UBUNTU-CVE-2017-2825",
"UBUNTU-CVE-2019-15132",
"UBUNTU-CVE-2020-11800",
"UBUNTU-CVE-2020-15803"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.