Vulnerabilities > CVE-2011-3263 - Resource Management Errors vulnerability in Zabbix
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CGI abuses NASL id ZABBIX_FRONTEND_1_8_6.NASL description According to its self-reported version number, the instance of Zabbix listening on the remote host is earlier than 1.8.6. It could, therefore, be affected by multiple vulnerabilities. - An input validation error exists in the script last seen 2020-06-01 modified 2020-06-02 plugin id 56091 published 2011-09-07 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56091 title Zabbix < 1.8.6 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(56091); script_version("1.9"); script_cvs_date("Date: 2018/11/15 20:50:19"); script_cve_id("CVE-2011-2904", "CVE-2011-3263", "CVE-2011-3264"); script_bugtraq_id(49016, 49275, 63920); script_name(english:"Zabbix < 1.8.6 Multiple Vulnerabilities"); script_summary(english:"Checks Zabbix Version"); script_set_attribute( attribute:"synopsis", value: "The remote web application may be affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its self-reported version number, the instance of Zabbix listening on the remote host is earlier than 1.8.6. It could, therefore, be affected by multiple vulnerabilities. - An input validation error exists in the script 'acknow.php' that allows arbitrary script or HTML injection via the 'backurl' parameter. (CVE-2011-2904) - An error exists related to 'zabbix_agentd' and 'vfs.file.cksum'. An attacker could cause excessive CPU usage if the 'vfs.file.cksum' command is pointed at a special device such as '/dev/urandom'. (CVE-2011-3263) - An information disclosure vulnerability exists in the script 'popup.php' because the 'srcfld2' parameter is not properly checked. This vulnerability can reveal sensitive information such as the application's install path. (CVE-2011-3264) Note that Nessus has not tested for these flaws but has instead relied on the version in the Zabbix login page." ); # http://web.archive.org/web/20120304113355/http://secnut.blogspot.com/2011/05/zabbix-cross-site-scripting.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad30fa5c"); script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-3794"); script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-3835"); script_set_attribute(attribute:"see_also", value:"https://support.zabbix.com/browse/ZBX-3840"); script_set_attribute(attribute:"see_also", value:"https://www.zabbix.com/rn/rn1.9.4"); script_set_attribute(attribute:"solution", value:"Update Zabbix to version 1.8.6 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"vuln_publication_date", value:"2011/05/23"); script_set_attribute(attribute:"patch_publication_date", value:"2011/08/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/09/07"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:zabbix:zabbix"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies("zabbix_frontend_detect.nasl"); script_require_keys("www/zabbix", "Settings/ParanoidReport"); script_require_ports("Services/www", 80); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); port = get_http_port(default:80, php:TRUE); install = get_install_from_kb(appname:"zabbix", port:port, exit_on_fail:TRUE); ver = install['ver']; dir = install['dir']; install_url = build_url(port:port, qs:dir); if (ver == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, "Zabbix", install_url); if (report_paranoia < 2) audit(AUDIT_PARANOID); fix_version = '1.8.6'; if (ver_compare(ver:ver, fix:fix_version, strict:FALSE) < 0) { set_kb_item(name:'www/'+port+'/XSS', value:TRUE); if (report_verbosity > 0) { report = '\n URL : ' + install_url + '\n Installed version : ' + ver+ '\n Fixed version : ' + fix_version + '\n'; security_warning(port:port, extra:report); } else security_warning(port); exit(0); } audit(AUDIT_WEB_APP_NOT_AFFECTED, "Zabbix", install_url, ver);NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201311-15.NASL description The remote host is affected by the vulnerability described in GLSA-201311-15 (Zabbix: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Zabbix. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary SQL statements, cause a Denial of Service condition, or obtain sensitive information. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 71089 published 2013-11-26 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71089 title GLSA-201311-15 : Zabbix: Multiple vulnerabilities NASL family CGI abuses NASL id ZABBIX_FRONTEND_1_9_4.NASL description According to its self-reported version number, the instance of Zabbix listening on the remote host is 1.9.x prior to 1.9.4. It could, therefore, be affected by a denial of service vulnerability related to last seen 2020-06-01 modified 2020-06-02 plugin id 71535 published 2013-12-19 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71535 title Zabbix 1.9.x < 1.9.4 zabbix_agentd DoS NASL family Fedora Local Security Checks NASL id FEDORA_2011-10583.NASL description - update to 1.8.6 - upstream changelog at http://www.zabbix.com/rn1.8.6.php Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 55947 published 2011-08-23 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/55947 title Fedora 16 : zabbix-1.8.6-1.fc16 (2011-10583)