Zabbix Unspecified Buffer Overflow Vulnerability

Bugtraq ID:	22321
Class:	Boundary Condition Error
CVE:	CVE-2007-0640
Remote:	Yes
Local:	No
Published:	Jan 30 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	The vendor disclosed this issue.
Vulnerable:	ZABBIX ZABBIX 1.1.4 ZABBIX ZABBIX 1.1.3 ZABBIX ZABBIX 1.1.2
Not Vulnerable:	ZABBIX ZABBIX 1.1.5

Zabbix Unspecified Buffer Overflow Vulnerability

ZABBIX is prone to an unspecified buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed attempts will likely cause denial-of-service conditions.

Versions prior to 1.1.5 are vulnerable.

Zabbix Unspecified Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Zabbix Unspecified Buffer Overflow Vulnerability

Solution:
The vendor has released version 1.1.5 to address this issue. Please see the references for more information.


ZABBIX ZABBIX 1.1.2

• ZABBIX zabbix-1.1.5.tar.gz
  http://prdownloads.sourceforge.net/zabbix/zabbix-1.1.5.tar.gz?download

ZABBIX ZABBIX 1.1.3

• ZABBIX zabbix-1.1.5.tar.gz
  http://prdownloads.sourceforge.net/zabbix/zabbix-1.1.5.tar.gz?download

ZABBIX ZABBIX 1.1.4

• ZABBIX zabbix-1.1.5.tar.gz
  http://prdownloads.sourceforge.net/zabbix/zabbix-1.1.5.tar.gz?download

Zabbix Unspecified Buffer Overflow Vulnerability

References:

• ZABBIX 1.1.5 Release Notes (ZABBIX)