CVE-2016-4338

high-risk

Published 2017-01-23

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

Do I need to act?

45.0% chance of exploitation in next 30 days

EPSS score — higher than 55% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

39769

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.1/10 High

NETWORK / HIGH complexity

Affected Products (20)

Zabbix

Affected Vendors

Zabbix

References (20)

Exploit http://packetstormsecurity.com/files/136898/Zabbix-Agent-3.0.1-mysql.size-Shell-...

Exploit http://seclists.org/fulldisclosure/2016/May/9

http://www.securityfocus.com/archive/1/538258/100/0/threaded

Third Party Advisory http://www.securityfocus.com/bid/89631

Third Party Advisory https://security.gentoo.org/glsa/201612-42

Exploit https://support.zabbix.com/browse/ZBX-10741

Exploit https://www.exploit-db.com/exploits/39769/

Vendor Advisory https://www.zabbix.com/documentation/2.0/manual/introduction/whatsnew2018#miscel...

Vendor Advisory https://www.zabbix.com/documentation/2.2/manual/introduction/whatsnew2213#miscel...

Vendor Advisory https://www.zabbix.com/documentation/3.0/manual/introduction/whatsnew303#miscell...