[#ZBX-3794] zabbix_agentd DoS attack with vfs.file.cksum

[ZBX-3794] zabbix_agentd DoS attack with vfs.file.cksum Created: 2011 May 09 Updated: 2017 May 30 Resolved: 2011 May 16
Status:	Closed
Project:	ZABBIX BUGS AND ISSUES
Component/s:	Agent (G)
Affects Version/s:	None
Fix Version/s:	1.8.6, 1.9.4 (alpha)

Type:

Incident report

Priority:

Major

Reporter:

dimir

Assignee:

dimir

Resolution:

Fixed

Votes:

Labels:

None

Remaining Estimate:

Not Specified

Time Spent:

Not Specified

Original Estimate:

Not Specified

Environment:

*NIX

Issue Links:

Duplicate

Description

If you feed a checksum generator a special device i. e. /dev/urandom the CPU load jumps to 100 %. Steps to reproduce on *NIX:

start zabbix_agentd
run: echo "vfs.file.cksum[/dev/urandom]" | nc 127.0.0.1 10050
observe cpu load with command: top

Comments

Comment by dimir [ 2011 May 09 ]

Reproducible in both 1.8pre and 1.9 versions.

Comment by dimir [ 2011 May 10 ]

RESOLVED in development branch svn://svn.zabbix.com/branches/dev/ZBX-3794

Comment by dimir [ 2011 May 16 ]

Fixed in branches/1.8 (r19561), trunk (r19633).

Comment by richlv [ 2011 May 23 ]

seems to have caused ~~ZBX-3830~~

Comment by Takanori Suzuki [ 2011 Nov 02 ]

Though Zabbix SIA might already stopped to maintain 1.6.x, because this is security issue I checked this issue in Zabbix-1.6.9.
Zabbix-1.6-9 is also affected.
So, I made a patch for Zabbix-1.6.9.

https://gist.github.com/1332797

Comment by dimir [ 2011 Nov 02 ]

Thanks!

Generated at Fri Apr 19 07:20:19 EEST 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.

[ZBX-3794] zabbix_agentd DoS attack with vfs.file.cksum Created: 2011 May 09 Updated: 2017 May 30 Resolved: 2011 May 16