ZABBIX BUGS AND ISSUES
ZBX-20383

Possible remote code execution in Zabbix Java Gateway with logback 1.2.7 and prior versions (no CVE registered)

Details

    • Team A
    • Sprint 83 (Dec 2021), Sprint 84 (Jan 2022)
    • 0.5

    Description

      CVE number: no CVE registered
      CVSS score: -
      Severity: Medium
      Affected versions: 2.0-2.X, 3.0-3.X, 4.0.0-4.0.36, 5.0.18, 5.4.0-5.4.8, 6.0.0alpha1-6.0.0beta1
      Description: In Zabbix Java Gateway with logback version 1.2.7 and prior versions, an attacker with the privileges required to edit configuration files could craft a malicious configuration that causes arbitrary code to be loaded from LDAP servers and executed.
      Known attack vectors: A successful RCE attack with CVE-2021-42550 requires all of the following conditions to be met: write access to zabbix_java_gateway_logback.xml; use of logback versions < 1.2.9; reloading of the poisoned configuration data, which implies an application restart or scan="true" set prior to the attack. An attacker with such privileges may get remote access to the server running Zabbix Java Gateway.
      Resolution: To remediate CVE-2021-42550, apply the updates listed in the 'Fixed Version' section to the appropriate products or, if an immediate update is not possible, follow the workarounds presented below.
      As an additional measure for the fixed versions, we also recommend checking the permissions on the /etc/zabbix/zabbix_java_gateway_logback.xml file and making it read-only if the "zabbix" user has write access to it.
      Workarounds: If an immediate update is not possible, check the permissions of the "zabbix" user:
      • /etc/zabbix/zabbix_java_gateway_logback.xml file permissions are set to read-only;
      • the user cannot restart the Zabbix Java Gateway service.
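The three preconditions above (a logback-core older than 1.2.9, a logback configuration file the service user can modify, and a configuration that is reloaded either by restart or via scan="true") can be checked from the host with a short audit script. The script below is an added example, not Zabbix's own tooling or anything attached to this issue. It assumes GNU coreutils `stat -c`, that logback is deployed as a jar named logback-core-<version>.jar, and it uses a placeholder library directory (LOGBACK_LIB_DIR) that must be set to wherever the Java Gateway installation keeps its jars; the configuration path and the "zabbix" user name are the ones named in the workaround.

```shell
#!/bin/sh
# Added audit script for the logback workarounds; not part of Zabbix or this issue.
# Assumptions: GNU coreutils `stat -c`; logback deployed as logback-core-<version>.jar;
# LOGBACK_LIB_DIR is a placeholder path, adjust it to the Java Gateway's lib directory.
LOGBACK_CONFIG="${LOGBACK_CONFIG:-/etc/zabbix/zabbix_java_gateway_logback.xml}"
LOGBACK_LIB_DIR="${LOGBACK_LIB_DIR:-/usr/share/zabbix-java-gateway/lib}"   # assumed path
FIXED_LOGBACK="1.2.9"   # first logback release the issue treats as not affected
SERVICE_USER="zabbix"

# version_lt A B: succeeds when dotted version A is strictly lower than B.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        len = (n > m) ? n : m
        for (i = 1; i <= len; i++) {
            xi = (i in x) ? x[i] + 0 : 0
            yi = (i in y) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 1
    }'
}

# logback_jar_version DIR: prints the version embedded in the first
# logback-core-*.jar found in DIR; fails when there is none.
logback_jar_version() {
    for jar in "$1"/logback-core-*.jar; do
        [ -e "$jar" ] || return 1
        v=${jar##*/logback-core-}
        printf '%s\n' "${v%.jar}"
        return 0
    done
}

# config_perms_ok FILE USER: succeeds when FILE is not owned by USER (so USER
# cannot simply chmod it writable again) and carries no group or world write bit.
config_perms_ok() {
    owner=$(stat -c '%U' "$1") || return 2
    mode=$(stat -c '%a' "$1") || return 2
    [ "$owner" != "$2" ] || return 1
    [ $(( 0$mode & 022 )) -eq 0 ]      # 0$mode: read the octal mode string as octal
}

# scan_enabled FILE: succeeds when <configuration ... scan="true"> is present,
# i.e. logback would pick up an edited file without a service restart.
scan_enabled() {
    grep -Eiq '<configuration[^>]*scan[[:space:]]*=[[:space:]]*"true"' "$1"
}

# audit: runs all checks and returns 1 if any of them flags a problem.
audit() {
    rc=0
    if v=$(logback_jar_version "$LOGBACK_LIB_DIR"); then
        if version_lt "$v" "$FIXED_LOGBACK"; then
            echo "WARN logback-core $v is older than $FIXED_LOGBACK: update"; rc=1
        else
            echo "OK   logback-core $v"
        fi
    else
        echo "SKIP no logback-core jar under $LOGBACK_LIB_DIR (set LOGBACK_LIB_DIR)"
    fi
    if [ -f "$LOGBACK_CONFIG" ]; then
        if config_perms_ok "$LOGBACK_CONFIG" "$SERVICE_USER"; then
            echo "OK   $LOGBACK_CONFIG is not writable by $SERVICE_USER"
        else
            echo "WARN $LOGBACK_CONFIG is owned by or writable for $SERVICE_USER: make it root-owned and read-only"; rc=1
        fi
        if scan_enabled "$LOGBACK_CONFIG"; then
            echo "WARN $LOGBACK_CONFIG has scan=\"true\": edits are reloaded without a restart"; rc=1
        else
            echo "OK   $LOGBACK_CONFIG does not auto-reload"
        fi
    else
        echo "SKIP $LOGBACK_CONFIG not found"
    fi
    return $rc
}

if [ "${1:-}" = "--audit" ]; then
    audit
fi
```

Run it as `sh audit.sh --audit` on the gateway host; a non-zero exit means at least one of the issue's preconditions still holds. The ownership check is deliberately stricter than "read-only": a file the service user owns can be made writable again by that user, so the script expects it to belong to another account (typically root) with no group or world write bit.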

    People

      martins-v Martins Valkovskis
      vso Vladislavs Sokurenko