Security Bypass Zabbix

Posted: January 23, 2013 in Vulnerabilities



Vulnerability: Security Bypass Zabbix

Danger level: Medium
Availability of fixes: Remediation instructions
Number of vulnerabilities: 1

CVE ID: CVE-2013-1364
Exploitation vector: Local network
Impact: Security Bypass

Affected products: Zabbix 2.x

Affected versions: Zabbix 2.0.4, perhaps the only one.


The vulnerability allows a remote user to bypass certain security restrictions.

The vulnerability exists because the 'user.login()' function does not correctly handle the 'cnf' parameter in LDAP authentication requests. A remote user can change certain LDAP authentication settings.

Successful exploitation of this vulnerability requires that LDAP authentication is in use.
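
A defensive check for the issue described above, added here as an example and not taken from the original advisory or from Zabbix: it flags 'user.login' JSON-RPC requests that carry a 'cnf' parameter and removes the parameter before the request is forwarded. The JSON-RPC request shape, the function name inspect() and the sample bodies are assumptions or constructed for illustration.

```python
import json

# Assumption: the Zabbix API is JSON-RPC 2.0 over HTTP POST, and request
# bodies are visible to the defender (reverse proxy or WAF audit log).
METHOD = "user.login"   # function named in the advisory
PARAM = "cnf"           # parameter named in the advisory


def _affected(call):
    """True if a call object is a user.login request carrying 'cnf'."""
    if not isinstance(call, dict):
        return False
    params = call.get("params")
    # Compare case-insensitively so a differently cased method name is not missed.
    return (str(call.get("method", "")).lower() == METHOD
            and isinstance(params, dict) and PARAM in params)


def inspect(body):
    """Return (ids of affected calls, sanitised body) for one request body.

    The sanitised body has 'cnf' removed from affected calls; a body that is
    not valid JSON is returned unchanged with no hits.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return [], body
    calls = doc if isinstance(doc, list) else [doc]   # batch or single request
    hits = []
    for call in calls:
        if _affected(call):
            hits.append(call.get("id"))
            del call["params"][PARAM]
    return hits, (json.dumps(doc) if hits else body)


# Constructed sample bodies (credentials and values are placeholders).
SAMPLES = [
    '{"jsonrpc":"2.0","method":"user.login","id":1,'
    '"params":{"user":"alice","password":"x"}}',
    '{"jsonrpc":"2.0","method":"user.login","id":2,'
    '"params":{"user":"alice","password":"x","cnf":{"placeholder":"value"}}}',
    'not json',
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(inspect(s)[0])
```

A non-empty hit list on a server that uses LDAP authentication is worth alerting on, since ordinary logins have no reason to send this parameter.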

