Candidate: CVE-2017-2824
PublicDate: 2017-05-24 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2824
 http://www.talosintelligence.com/reports/TALOS-2017-0325/
 http://www.talosintelligence.com/reports/TALOS-2017-0326/
Description:
 An exploitable code execution vulnerability exists in the trapper command
 functionality of Zabbix Server 2.4.X. A specially crafted set of packets
 can cause a command injection resulting in remote code execution. An
 attacker can make requests from an active Zabbix Proxy to trigger this
 vulnerability.
Ubuntu-Description:
 It was discovered that Zabbix incorrectly handled certain requests. A
 remote attacker could possibly use this issue to execute arbitrary code.
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/zabbix/+bug/1712993
Priority: high
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_zabbix:
upstream_zabbix: released (1:3.0.7+dfsg-3)
precise_zabbix: ignored (reached end-of-life)
precise/esm_zabbix: DNE (precise was ignored [reached end-of-life])
trusty_zabbix: ignored (out of standard support)
trusty/esm_zabbix: needed
vivid/stable-phone-overlay_zabbix: DNE
vivid/ubuntu-core_zabbix: DNE
xenial_zabbix: ignored (end of standard support, was needed)
yakkety_zabbix: ignored (reached end-of-life)
zesty_zabbix: ignored (reached end-of-life)
artful_zabbix: not-affected (1:3.0.7+dfsg-3)
bionic_zabbix: not-affected (1:3.0.7+dfsg-3)
cosmic_zabbix: not-affected (1:3.0.7+dfsg-3)
disco_zabbix: not-affected (1:3.0.7+dfsg-3)
eoan_zabbix: not-affected (1:3.0.7+dfsg-3)
focal_zabbix: not-affected (1:3.0.7+dfsg-3)
groovy_zabbix: not-affected (1:3.0.7+dfsg-3)
hirsute_zabbix: not-affected (1:3.0.7+dfsg-3)
impish_zabbix: not-affected (1:3.0.7+dfsg-3)
jammy_zabbix: not-affected (1:3.0.7+dfsg-3)
devel_zabbix: not-affected (1:3.0.7+dfsg-3)