Bug 1218199 (CVE-2023-32727)

Summary: VUL-0: CVE-2023-32727: zabbix: potential arbitrary code execution in icmpping() function
Product: [Novell Products] SUSE Security Incidents Reporter: SMASH SMASH <smash_bz>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: andrea.mattiazzo, Andreas.Stieger
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/388525/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-32727:6.8:(AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1225537    

Description SMASH SMASH 2023-12-19 10:36:12 UTC 
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32727
https://support.zabbix.com/browse/ZBX-23857

Patch:
https://github.com/zabbix/zabbix/commit/0bdbce011b2ab5b533491d766f164c81d021b258
https://github.com/zabbix/zabbix/commit/969ac7663f287ec6ce5c7f8cc6d5e2bba3969334
Comment 2 Boris Manojlovic 2023-12-24 09:57:31 UTC 
update in pipeline
Comment 3 OBSbugzilla Bot 2023-12-24 11:35:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1218199) was mentioned in
https://build.opensuse.org/request/show/1134975 Backports:SLE-15-SP5 / zabbix
https://build.opensuse.org/request/show/1134977 Backports:SLE-15-SP4 / zabbix
https://build.opensuse.org/request/show/1134978 Backports:SLE-15-SP5 / zabbix
Comment 4 Marcus Meissner 2023-12-28 02:05:24 UTC 
openSUSE-SU-2023:0419-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1218199
CVE References: CVE-2023-32727
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP4 (src):    zabbix-4.0.50-bp154.2.9.1
Comment 5 Marcus Meissner 2023-12-28 02:05:41 UTC 
openSUSE-SU-2023:0418-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1218199
CVE References: CVE-2023-32727
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP5 (src):    zabbix-4.0.50-bp155.3.9.1
Comment 6 Andreas Stieger 2024-05-28 21:43:38 UTC 
Missing in Leap 15.6. Please process incoming submission or fix in Leap 15.6 in your chosen way. (bug 1225537)
Comment 7 Andreas Stieger 2024-05-29 11:16:02 UTC 
As per bug 1225537 now also fixed in Leap 15.6, closing