hi,
On Wed, Mar 19, 2008 at 03:01:49PM +0100, Nico Golde wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for zabbix.
>
> CVE-2008-1353[0]:
> | zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a
> | denial of service (CPU and connection consumption) via multiple
> | vfs.file.cksum commands with a special device node such as
> | /dev/urandom or /dev/zero.
>
> This should just work for authenticated hosts or hosts with
> a spoofed IP address. However from what I see this is also
> useable for local users.
thanks for you report, this issue has been reportet to upstream
(ZBX-328) but no patch so far. Waiting for a patch ..
bye,
- michael
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
