-
Change Request
-
Resolution: Unresolved
-
Trivial
-
None
-
None
-
None
-
None
The Zabbix Agent binaries on Windows are lacking various basic security mitigations like DEP, ASLR and High Entropy ASLR (on 64-bit environments).
Not having these mitigations would make it easier for an attacker to write a reliable exploit in case of a memory corruption vulnerability in the agent.
So, this is not a direct vulnerability, but rather a defense-in-depth measure that could prevent successful exploitation of future known and unknown vulnerabilities.
Looking at the source code, you seem to be using MinGW as a compiler. As far as I can find (I'm not an expert on MinGW at all) modern versions of MinGW can use these compiler flags to enable these mitigations:
DEP:
Wl,-nxcompat
ASLR:
Wl,-dynamicbase
High Entropy ASLR (64-bit binaries only):
Wl,-high-entropy-va
To verify it's indeed active, you could use the Sysinternals Suite' Process Explorer, which is able to display if DEP/ASLR is enabled per process.
Could the Windows binaries please be compiled with these flags, to improve the security of the Zabbix Agent on Windows?