Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15867

Security vulnerability when processing discovery contents from proxy

    Details

    • Team:
      Team A
    • Sprint:
      Sprint 49 (Feb 2019)
    • Story Points:
      0.25

      Description

      It's possible to send specific network discovery contents to Zabbix server and make it to accept invalid DNS, resulting in such host being discovered:

      Later if there are scripts that call HOST.DNS, for example script:

      /usr/bin/traceroute {HOST.DNS}
      

      It can open in something unexpected:

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                vso Vladislavs Sokurenko
                Reporter:
                vso Vladislavs Sokurenko
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: