[ZBX-993] DoS in Zabbix Server Created: 2009 Jul 21 Updated: 2017 May 30 Resolved: 2009 Jul 21 |
|
Status: | Closed |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Proxy (P), Server (S) |
Affects Version/s: | 1.6 |
Fix Version/s: | 1.6 |
Type: | Incident report | Priority: | Critical |
Reporter: | Alexander Vladishev | Assignee: | Alexander Vladishev |
Resolution: | Fixed | Votes: | 0 |
Labels: | None | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified | ||
Environment: |
Zabbix server v1.6.x |
Description |
While reading Zabbix source code, I found a small error leading to an In src/zabbix_server/trapper/trapper.c, function process_trap() :
[...]
The patch is trivial : just use "copy" instead of "s" in your check. server=(char *)strtok(copy,":"); Exploit code : 8<----------------------------------------------------------------- PORT = 10051 import socket try: header = 'ZBXD\x01'
size = struct.pack('q', len(data)) socket.close() |
Comments |
Comment by Alexander Vladishev [ 2009 Jul 21 ] |
Fixed in version pre1.6.6, rev. 7690. |
Comment by richlv [ 2009 Sep 15 ] |
closing all resolved issues |
Comment by Rafael Gomes [ 2009 Dec 15 ] |
I got this error with exploit: File "166.pl", line 18 My Zabbix server 1.6.4 was compiled from source. My version is affected too? |
Comment by richlv [ 2009 Dec 15 ] |
ad the original comment said, it should be fixed in 1.6.6
|
Comment by richlv [ 2009 Dec 15 ] |
let's try full link then... |
Comment by Rafael Gomes [ 2009 Dec 15 ] |
I just wanna know if my version is affected, because I can't exploit with this code. |
Comment by Nicob [ 2009 Dec 15 ] |
Indentation of the provided exploit code is broken. Version 1.6.4 (even from source) is affected, but you may try the following PoC : |
Comment by Rafael Gomes [ 2009 Dec 16 ] |
Hi Nicob, Thanks for you help, but I can't exploit it yet. When I put your code in server, I didn't get anything and my server still running |