Zone-H Advertisement
Home arrow Avisos de Segurança arrow Zabbix "UserParameter" Privilege Escalation Weakness
17 de May de 2008
  
 
Ataques desta semana
O.S.  Defs.  %
Linux  1736  54.92%
Win 2003  1162  36.76%
Win 2000  114  3.61%
FreeBSD  70  2.21%
Unknown  62  1.96%
Other  17  0.54%

Total de ataques: 3161 dos quais 1168 único(s) no ip e 1993 invasão(ões) em massa

Menu Principal
Home
Guerra Digital
Geopolítica
Notícias ITsec
Avisos de Segurança
Test Drive
360°
Sites atacados
Eventos do Zone-H
Fórum
Publicações
Zone-H Amigos/Parceiros
Contate-nos
Sobre este Site
Membros do Zone-H BR
Favoritos geral
Zone-H.org
Área de download
Zabbix "UserParameter" Privilege Escalation Weakness PDF Imprimir E-mail
Avaliação do Usuário: / 0
PiorMelhor 
Por Marcelo Almeida (Vympel)   
03 de December de 2007
A weakness has been reported in Zabbix, which can be exploited by malicious users to perform certain actions with escalated privileges.

The weakness is caused due to the "daemon_start()" function in src/libs/zbxnix/daemon.c not correctly dropping the privileges. This can be exploited to e.g. execute "UserParameter" scripts as group "root".

This affects the agent for UNIX-like operating systems only.

The weakness is reported in version 1.4.2. Other versions may also be affected.

Solution:
Reportedly, this will be fixed in version 1.4.3.

Provided and/or discovered by:
Bas van Schaik

Original Advisory:
http://www.zabbix.com/forum/showthread.php?t=8400
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=452682
 
< Anterior   Próximo >
[Voltar]
 
Top!
(C) 2008 Zone-H - Informação sem restrição
Top!