Written by Antonio 's4tan' Parata, Francesco 'ascii' Ongaro and Giovanni 'evilaliv3' Pellerano
Wednesday, 04 March 2009 21:58
ZABBIX 'locales.php' Local File Include and Remote Code Execution Vulnerability
Input Validation Error
Mar 03 2009 12:00AM
Mar 04 2009 01:37PM
Antonio 's4tan' Parata, Francesco 'ascii' Ongaro and Giovanni 'evilaliv3' Pellerano
ZABBIX ZABBIX 1.6.2
ZABBIX ZABBIX 1.6.3
ZABBIX is prone to a local file-include vulnerability and a remote code-execution vulnerability, both of which occur in the front-end web interface.
Attackers can exploit these issues to execute arbitrary code within the context of the webserver or gain access to sensitive information. Other attacks are also possible.
ZABBIX 1.6.2 is vulnerable; prior versions may also be affected.
Attackers can exploit these issues via a browser.
The following proof-of-concept URI is available:
Reports indicate that these issues have been fixed. Please see the references for more information.
--ZABBIX Home Page
--Zabbix 1.6.2 Frontend Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/50140 (ascii <