ZABBIX BUGS AND ISSUES: ZBX-20341

Incorrect permissions of [/var/run/zabbix] forces dac_override (CVE-2022-23132)


    • Sprint 83 (Dec 2021)

      CVE number: CVE-2022-23132
      CVSS score: 3.3
      Severity: Low
      Description: During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is in use to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.
      Known attack vectors: -
      Resolution: To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to the appropriate products.
      Acknowledgements: Zabbix wants to thank Brian J. Murrell for reporting this issue to us.
      Affected versions:
        4.0.0 - 4.0.36
        5.0.0 - 5.0.18
        5.4.0 - 5.4.8
        6.0.0alpha1 - 6.0.0alpha7
      Workarounds: -
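
One way to audit a host for the condition in the description, as an added example that is not Zabbix code: the functions apply the classic owner/group/other mode check and report when a process is denied by the mode bits alone, so that access only works through CAP_DAC_OVERRIDE. The function names and the sample UIDs, GIDs and modes are constructed for illustration and are not taken from the Zabbix packages.

```python
import os
import stat

R, W, X = 4, 2, 1  # permission bits within one owner/group/other triplet


def dac_allows(mode, owner_uid, owner_gid, proc_uid, proc_gids, want):
    """Classic Unix mode check: exactly one triplet applies, chosen by identity.

    Simplified model: POSIX ACLs and CAP_DAC_READ_SEARCH are not considered.
    """
    if proc_uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in proc_gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


def needs_dac_override(mode, owner_uid, owner_gid, proc_uid, proc_gids, want):
    """True when mode bits deny the access, so only CAP_DAC_OVERRIDE permits it."""
    return not dac_allows(mode, owner_uid, owner_gid, proc_uid, proc_gids, want)


def audit_path(path, proc_uid=0, proc_gids=(0,), want=W | X):
    """Check a real directory, e.g. audit_path('/var/run/zabbix')."""
    st = os.stat(path)
    return needs_dac_override(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                              proc_uid, proc_gids, want)


if __name__ == "__main__":
    # Constructed cases: uid/gid 990 stands in for a service account.
    cases = [
        ("0755 990:990, uid 0 creates PID file", 0o755, 990, 990, 0, (0,)),
        ("0755 0:990, uid 0 creates PID file", 0o755, 0, 990, 0, (0,)),
        ("0775 990:990, service account writes", 0o775, 990, 990, 990, (990,)),
    ]
    for label, mode, uid, gid, puid, pgids in cases:
        verdict = needs_dac_override(mode, uid, gid, puid, pgids, W | X)
        print(f"{label}: needs CAP_DAC_OVERRIDE = {verdict}")
```

A True result for the UID and groups a daemon actually starts with means the directory ownership or mode, not the capability grant, is what needs correcting.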

            yurii Jurijs Klopovskis
            amitrofanov Alexey Mitrofanov (Inactive)
            Team B