CVE-2007-6210

Zabbix <1.4.3 - Privilege Escalation

Title source: llm

Description

zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bas van Schaik · clocallinux

https://www.exploit-db.com/exploits/30839

View Code ZIP pw:eip

References (9)

[Patch] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682

[Various Sources] http://www.zabbix.com/forum/showthread.php?t=8400

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00196.html

[Vendor Advisory] https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00232.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26680

[Third Party Advisory] http://www.debian.org/security/2007/dsa-1420

[Third Party Advisory] http://secunia.com/advisories/27903

[Third Party Advisory] http://secunia.com/advisories/27948

[Third Party Advisory] http://secunia.com/advisories/27978

Scores

EPSS 0.0015

EPSS Percentile 34.7%

Details

CWE

CWE-16

Status published

Products (1)

zabbix/zabbix_agentd 1.1.4

Published Dec 04, 2007

Tracked Since Feb 18, 2026