PT-2006-7294 · Zabbix · Zabbix

Max Vozeler

Published

2006-12-21

Updated

2011-03-08

CVE-2006-6693

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Zabbix versions prior to 20061006

Description: The issue is related to multiple buffer overflows that can cause a denial of service, potentially leading to application crashes, and may allow the execution of arbitrary code. This is achieved by sending long strings to the zabbix log and zabbix syslog functions.

Recommendations: For versions prior to 20061006, update to a version released after 20061006 to resolve the issue. As a temporary workaround, consider restricting input to the zabbix log and zabbix syslog functions to prevent long strings from being processed.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-6693

Affected Products

Zabbix

PT-2006-7294 · Zabbix · Zabbix

CVE-2006-6693

Related Identifiers

Affected Products

References · 11