{"id":"USN-4767-1","summary":"zabbix vulnerabilities","details":"Fu Chuang discovered that Zabbix did not properly parse IPs. A remote\nattacker could possibly use this issue to execute arbitrary code. This\nissue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.\n(CVE-2020-11800)\n\nIt was discovered that Zabbix incorrectly handled certain requests. A\nremote attacker could possibly use this issue to execute arbitrary code.\nThis issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.\n(CVE-2017-2824, CVE-2017-2825)\n\nIt was discovered that Zabbix incorrectly handled certain XML files. A\nremote attacker could possibly use this issue to read arbitrary files or\npotentially execute arbitrary code. This issue only affected\nUbuntu 14.04 ESM. (CVE-2014-3005)\n\nIt was discovered that Zabbix incorrectly handled certain inputs. A remote\nattacker could possibly use this issue to execute arbitrary SQL commands.\nThis issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)\n\nIt was discovered that Zabbix incorrectly handled the request parameter. A\nremote attacker could possibly use this issue to redirect requests to\nexternal links. This issue only affected Ubuntu 14.04 ESM and\nUbuntu 18.04 ESM. (CVE-2016-10742)\n\nIt was discovered that Zabbix incorrectly handled failed login attempts. A\nremote attacker could possibly use this issue to enumerate users.\n(CVE-2019-15132)\n\nIt was discovered that Zabbix did not properly validate input. A remote\nattacker could exploit this to conduct cross-site scripting (XSS) attacks.\nThis issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and\nUbuntu 20.04 ESM. (CVE-2020-15803)\n","modified":"2026-02-10T04:42:05Z","published":"2022-06-15T08:28:18Z","related":["UBUNTU-CVE-2014-3005","UBUNTU-CVE-2016-10134","UBUNTU-CVE-2016-10742","UBUNTU-CVE-2016-4338","UBUNTU-CVE-2017-2824","UBUNTU-CVE-2017-2825","UBUNTU-CVE-2019-15132","UBUNTU-CVE-2020-11800","UBUNTU-CVE-2020-15803"],"upstream":["CVE-2014-3005","CVE-2016-10134","CVE-2016-10742","CVE-2016-4338","CVE-2017-2824","CVE-2017-2825","CVE-2019-15132","CVE-2020-11800","CVE-2020-15803","UBUNTU-CVE-2014-3005","UBUNTU-CVE-2016-10134","UBUNTU-CVE-2016-10742","UBUNTU-CVE-2016-4338","UBUNTU-CVE-2017-2824","UBUNTU-CVE-2017-2825","UBUNTU-CVE-2019-15132","UBUNTU-CVE-2020-11800","UBUNTU-CVE-2020-15803"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4767-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2014-3005"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-4338"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10134"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-10742"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2824"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-2825"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-15132"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-11800"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-15803"}],"affected":[{"package":{"name":"zabbix","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/zabbix@1:2.2.2+dfsg-1ubuntu1+esm4?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.2.2+dfsg-1ubuntu1+esm4"}]}],"versions":["1:2.0.6+dfsg-1ubuntu2","1:2.2.0+dfsg-1ubuntu1","1:2.2.0+dfsg-6ubuntu1","1:2.2.1+dfsg-1ubuntu3","1:2.2.2+dfsg-1ubuntu1","1:2.2.2+dfsg-1ubuntu1+esm1","1:2.2.2+dfsg-1ubuntu1+esm3"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-agent"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-frontend-php"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-java-gateway"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-proxy-mysql"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-proxy-pgsql"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-proxy-sqlite3"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-server-mysql"},{"binary_version":"1:2.2.2+dfsg-1ubuntu1+esm4","binary_name":"zabbix-server-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4767-1.json","cves_map":{"cves":[{"id":"CVE-2019-15132","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:14.04:LTS"}}},{"package":{"name":"zabbix","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/zabbix@1:2.4.7+dfsg-2ubuntu2.1+esm3?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.4.7+dfsg-2ubuntu2.1+esm3"}]}],"versions":["1:2.4.6+dfsg-1","1:2.4.7+dfsg-1","1:2.4.7+dfsg-2","1:2.4.7+dfsg-2ubuntu2","1:2.4.7+dfsg-2ubuntu2.1","1:2.4.7+dfsg-2ubuntu2.1+esm1","1:2.4.7+dfsg-2ubuntu2.1+esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-agent"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-frontend-php"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-java-gateway"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-proxy-mysql"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-proxy-pgsql"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-proxy-sqlite3"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-server-mysql"},{"binary_version":"1:2.4.7+dfsg-2ubuntu2.1+esm3","binary_name":"zabbix-server-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4767-1.json","cves_map":{"cves":[{"id":"CVE-2019-15132","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:16.04:LTS"}}},{"package":{"name":"zabbix","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/zabbix@1:3.0.12+dfsg-1ubuntu0.1~esm3?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.0.12+dfsg-1ubuntu0.1~esm3"}]}],"versions":["1:3.0.7+dfsg-3","1:3.0.12+dfsg-1","1:3.0.12+dfsg-1ubuntu0.1~esm1","1:3.0.12+dfsg-1ubuntu0.1~esm2"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-agent"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-frontend-php"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-java-gateway"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-proxy-mysql"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-proxy-pgsql"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-proxy-sqlite3"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-server-mysql"},{"binary_version":"1:3.0.12+dfsg-1ubuntu0.1~esm3","binary_name":"zabbix-server-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4767-1.json","cves_map":{"cves":[{"id":"CVE-2019-15132","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"zabbix","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/zabbix@1:4.0.17+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:4.0.17+dfsg-1ubuntu0.1~esm1"}]}],"versions":["1:4.0.4+dfsg-1build2","1:4.0.4+dfsg-1build3","1:4.0.11+dfsg-1","1:4.0.14+dfsg-1","1:4.0.15+dfsg-1","1:4.0.16+dfsg-1","1:4.0.16+dfsg-1build1","1:4.0.17+dfsg-1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro","binaries":[{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-agent"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-frontend-php"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-java-gateway"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-proxy-mysql"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-proxy-pgsql"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-proxy-sqlite3"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-server-mysql"},{"binary_version":"1:4.0.17+dfsg-1ubuntu0.1~esm1","binary_name":"zabbix-server-pgsql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4767-1.json","cves_map":{"cves":[{"id":"CVE-2019-15132","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}]},{"id":"CVE-2020-15803","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}}],"schema_version":"1.7.3"}