During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is used to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.
Known attack vectors
To remediate this vulnerability, apply the updates listed in the 'Fixed Version' section to the appropriate products.
Zabbix wants to thank Brian J. Murrell for reporting this issue to us.
4.0.0 – 4.0.36
5.0.0 – 5.0.18
5.4.0 – 5.4.8
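One way to see whether Zabbix processes on a host exercise this capability: the added example below (not part of the advisory or of Zabbix) scans Linux audit AVC records for `dac_override` on the `capability` class from commands whose name starts with `zabbix_`. The log lines, the `zabbix_t` and `zabbix_var_run_t` labels and the function name are constructed for illustration.

```python
import re

# Constructed sample records in Linux audit AVC format (not from a real host).
# The zabbix_t / zabbix_var_run_t labels are assumptions for illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:501): avc:  denied  { dac_override } for  pid=2101 comm="zabbix_server" capability=1  scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1700000003.250:502): avc:  denied  { read } for  pid=2101 comm="zabbix_server" name="zabbix_server.pid" dev="tmpfs" ino=4242 scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:object_r:zabbix_var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000010.007:503): avc:  granted  { dac_override } for  pid=2188 comm="zabbix_proxy" capability=1  scontext=system_u:system_r:zabbix_t:s0 tcontext=system_u:system_r:zabbix_t:s0 tclass=capability
type=AVC msg=audit(1700000015.900:504): avc:  denied  { dac_override } for  pid=913 comm="logrotate" capability=1  scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:system_r:logrotate_t:s0 tclass=capability permissive=0
"""

# Matches "avc: denied|granted { perms } for key=value ..."
AVC_RE = re.compile(
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def find_dac_override(log_text, comm_prefix="zabbix_"):
    """Return AVC records where a matching process used or was denied dac_override."""
    hits = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        perms = m.group("perms").split()
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("fields"))}
        # Only the capability class is relevant; file-class records are skipped.
        if "dac_override" not in perms or fields.get("tclass") != "capability":
            continue
        if not fields.get("comm", "").startswith(comm_prefix):
            continue
        hits.append({
            "result": m.group("result"),  # "granted" is logged only under auditallow rules
            "comm": fields["comm"],
            "pid": int(fields.get("pid", -1)),
            "scontext": fields.get("scontext", ""),
        })
    return hits


if __name__ == "__main__":
    for hit in find_dac_override(SAMPLE_AUDIT_LOG):
        print(f'{hit["result"]:8} pid={hit["pid"]} comm={hit["comm"]} {hit["scontext"]}')
```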