Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6210 — Zabbix vulnerability

CWE-168 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 64.96%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Zabbix Debian Zabbix Zabbix Agentd

Timeline

PublishedDec 4

Latest updateMay 1

Description

zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/zabbix< zabbix 1:1.4.2-4 (bookworm)

▶Debianzabbix/zabbix< 1:1.4.2-4+3

▶NVDzabbix/zabbix_agentd1.1.4

Patches

Patch: bugs.debian.org ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-rw3m-rqw9-p6rw: zabbix_agentd 1↗2022-05-01

▶

OSV

CVE-2007-6210: zabbix_agentd 1↗2007-12-04

▶

💥Exploits & PoCs

Exploit-DB

Zabbix 1.1.4/1.4.2 - 'daemon_start' Local Privilege Escalation↗2007-12-03

▶

📋Vendor Advisories

Debian

CVE-2007-6210: zabbix - zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid...↗2007

▶

Red Hat

zabbix: root↗

▶

💬Community

Bugzilla

CVE-2007-6210 zabbix scripts running with wrong GID↗2007-12-04

▶

Bugzilla

CVE-2007-6210 zabbix "UserParameter" scripts run with zabbix:root↗2007-12-01

▶