Posted by Timo Juhani Lindfors on May 03
CVE-2016-4338: Zabbix Agent 3.0.1 mysql.size shell command injection
——————————————————————–
Affected products
=================
At least Zabbix Agent 1:3.0.1-1+wheezy from
http://repo.zabbix.com/zabbix/3.0/debian is vulnerable. Other versions
were not tested.
Background
==========
“Zabbix agent is deployed on a monitoring target to actively monitor
local resources and applications (hard…