hi, On Wed, Mar 19, 2008 at 03:01:49PM +0100, Nico Golde wrote: > Hi, > the following CVE (Common Vulnerabilities & Exposures) id was > published for zabbix. > > CVE-2008-1353[0]: > | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a > | denial of service (CPU and connection consumption) via multiple > | vfs.file.cksum commands with a special device node such as > | /dev/urandom or /dev/zero. > > This should just work for authenticated hosts or hosts with > a spoofed IP address. However from what I see this is also > useable for local users.
thanks for you report, this issue has been reportet to upstream (ZBX-328) but no patch so far. Waiting for a patch .. bye, - michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]