CVE-2008-1353 - Vulnerability Details - OpenCVE

zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zabbix	Zabbix

Configuration 1 [-]

OR	cpe:2.3:a:zabbix:zabbix:1.1.2:::::::*
	cpe:2.3:a:zabbix:zabbix:1.1.3:::::::*
	cpe:2.3:a:zabbix:zabbix:1.1.4:::::::*
	cpe:2.3:a:zabbix:zabbix:1.1.5:::::::*
	cpe:2.3:a:zabbix:zabbix:1.4.2:::::::*
	cpe:2.3:a:zabbix:zabbix:1.4.3:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/29383
http://securityreason.com/securityalert/3747
http://www.securityfocus.com/archive/1/489506/100/0/threaded
http://www.securityfocus.com/bid/28244
http://www.vupen.com/english/advisories/2008/0878
https://exchange.xforce.ibmcloud.com/vulnerabilities/41196

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-03-17T17:00:00

Updated: 2024-08-07T08:17:34.666Z

Reserved: 2008-03-17T00:00:00

Link: CVE-2008-1353

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-03-17T17:44:00.000

Modified: 2024-11-21T00:44:20.957

Link: CVE-2008-1353

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2008-0878", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0878"}, {"name": "3747", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3747"}, {"name": "28244", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28244"}, {"name": "zabbix-zabbixagentd-dos(41196)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196"}, {"name": "29383", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29383"}, {"name": "20080313 Zabbix (zabbix_agentd) denial of service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1353", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2008-0878", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0878"}, {"name": "3747", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3747"}, {"name": "28244", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28244"}, {"name": "zabbix-zabbixagentd-dos(41196)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196"}, {"name": "29383", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29383"}, {"name": "20080313 Zabbix (zabbix_agentd) denial of service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:17:34.666Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2008-0878", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0878"}, {"name": "3747", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3747"}, {"name": "28244", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28244"}, {"name": "zabbix-zabbixagentd-dos(41196)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196"}, {"name": "29383", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29383"}, {"name": "20080313 Zabbix (zabbix_agentd) denial of service", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1353", "datePublished": "2008-03-17T17:00:00", "dateReserved": "2008-03-17T00:00:00", "dateUpdated": "2024-08-07T08:17:34.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "B0FB47B1-330E-4ED4-A4AF-993DC613B782", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "FA7AA37E-2E1A-471D-95AE-83A2CABF1DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DFABFF16-FD5E-4FCF-BDF8-AE8D654CEAD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "03E211F0-2F61-4503-AE89-0F750C2848B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "55BC3D41-DB27-4509-8908-0A7F0A19206E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "96A266AD-7853-40D0-8D1B-6ECFF34A76AA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a denial of service (CPU and connection consumption) via multiple vfs.file.cksum commands with a special device node such as /dev/urandom or /dev/zero."}, {"lang": "es", "value": "zabbix_agentd en ZABBIX 1.4.4, permite a atacantes remotos causar una Denegaci\u00f3n de Servicio (Consumo de CPU y conexi\u00f3n) a trav\u00e9s de m\u00faltiples comandos vfs.file.cksum con un nodo de dispositivo como /dev/urandom o /dev/zero."}], "id": "CVE-2008-1353", "lastModified": "2024-11-21T00:44:20.957", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-03-17T17:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29383"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3747"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28244"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0878"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3747"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/489506/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41196"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}