Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15867

Security vulnerability when processing discovery contents from proxy

XMLWordPrintable

    • Sprint 49 (Feb 2019)
    • 0.25

      It's possible to send specific network discovery contents to Zabbix server and make it to accept invalid DNS, resulting in such host being discovered:

      Later if there are scripts that call HOST.DNS, for example script:

      /usr/bin/traceroute {HOST.DNS}
      

      It can open in something unexpected:

        1. echo.png
          54 kB
          Vladislavs Sokurenko
        2. traceroute.png
          15 kB
          Vladislavs Sokurenko

            vso Vladislavs Sokurenko
            vso Vladislavs Sokurenko
            Team A
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: