Zabbix: Root privilege escalation

Zabbix: Root privilege escalation Multiple vulnerabilities were discovered in Gentoo's ebuild for Zabbix which could lead to root privilege escalation. zabbix 2021-01-21 2021-01-21 629882 629884 local 3.0.30 4.0.18 4.4.6

Zabbix is software for monitoring applications, networks, and servers.

It was discovered that Gentoo’s Zabbix ebuild did not properly set permissions or placed the pid file in an unsafe directory.

A local attacker could escalate privileges.

There is no known workaround at this time.

All Zabbix 3.0.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-analyzer/zabbix-3.0.30:0/3.0"

All Zabbix 4.0.x users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=net-analyzer/zabbix-4.0.18:0/4.0"

All other Zabbix users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose ">=net-analyzer/zabbix-4.4.6"

BlueKnight b-man