Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15867

Security vulnerability when processing discovery contents from proxy

    XMLWordPrintable

    Details

    • Team:
      Team A
    • Sprint:
      Sprint 49 (Feb 2019)
    • Story Points:
      0.25

      Description

      It's possible to send specific network discovery contents to Zabbix server and make it to accept invalid DNS, resulting in such host being discovered:

      Later if there are scripts that call HOST.DNS, for example script:

      /usr/bin/traceroute {HOST.DNS}
      

      It can open in something unexpected:

        Attachments

        1. echo.png
          echo.png
          54 kB
        2. traceroute.png
          traceroute.png
          15 kB

          Issue Links

            Activity

              People

              Assignee:
              vso Vladislavs Sokurenko
              Reporter:
              vso Vladislavs Sokurenko
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: