UBUNTU-CVE-2014-3005

Source
https://ubuntu.com/security/CVE-2014-3005
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2014/UBUNTU-CVE-2014-3005.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2014-3005
Related
Published
2018-02-01T17:29:00Z
Modified
2018-02-01T17:29:00Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in an XML request.

References

Affected packages

Ubuntu:Pro:14.04:LTS / zabbix

Package

Name
zabbix
Purl
pkg:deb/ubuntu/zabbix?arch=src?distro=trusty/esm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:2.2.2+dfsg-1ubuntu1+esm1

Affected versions

1:2.*

1:2.0.6+dfsg-1ubuntu2
1:2.2.0+dfsg-1ubuntu1
1:2.2.0+dfsg-6ubuntu1
1:2.2.1+dfsg-1ubuntu3
1:2.2.2+dfsg-1ubuntu1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-agent"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-agent-dbgsym"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-frontend-php"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-java-gateway"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-mysql"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-mysql-dbgsym"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-pgsql"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-pgsql-dbgsym"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-sqlite3"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-proxy-sqlite3-dbgsym"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-server-mysql"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-server-mysql-dbgsym"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-server-pgsql"
        },
        {
            "binary_version": "1:2.2.2+dfsg-1ubuntu1+esm1",
            "binary_name": "zabbix-server-pgsql-dbgsym"
        }
    ]
}