Zabbix 1.9.x < 1.9.4 zabbix_agentd DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote web application may be affected by a denial of service
vulnerability.

Description :

According to its self-reported version number, the instance of Zabbix
listening on the remote host is 1.9.x prior to 1.9.4. It could,
therefore, be affected by a denial of service vulnerability related to
'zabbix_agentd' and 'vfs.file.cksum'. An attacker can cause excessive
CPU usage if the 'vfs.file.cksum' command is pointed at a special device
such as '/dev/urandom'.

Note that Nessus has not tested for this issue, but has instead relied
only on the application's self-reported version number.
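
The failure mode described above comes from checksumming a path that never reaches end-of-file. The following C sketch is an added example, not Zabbix code and not the vendor's fix; it shows one generic mitigation: accept only bounded regular files before reading. The names open_for_checksum, checksum_file and MAX_CKSUM_BYTES are hypothetical, and the byte sum stands in for a real checksum.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_CKSUM_BYTES (64L * 1024 * 1024) /* assumed per-request cap */
/* Return an fd only for a bounded regular file, -1 to refuse the request.
 * O_NONBLOCK keeps open() from hanging on a FIFO. */
int open_for_checksum(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path, to avoid a check/use race. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_size > MAX_CKSUM_BYTES) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Byte sum standing in for the real checksum; returns bytes read or -1. */
long checksum_file(const char *path, unsigned long *sum)
{
    unsigned char buf[4096];
    ssize_t n;
    long total = 0;
    int fd = open_for_checksum(path);
    if (fd < 0)
        return -1;
    *sum = 0;
    while (total < MAX_CKSUM_BYTES && (n = read(fd, buf, sizeof buf)) > 0) {
        for (ssize_t i = 0; i < n; i++)
            *sum += buf[i];
        total += n;
    }
    close(fd);
    return total;
}

int main(int argc, char **argv)
{
    unsigned long sum;
    long n = checksum_file(argc > 1 ? argv[1] : "/dev/urandom", &sum);
    printf("%s (%ld bytes)\n", n < 0 ? "refused" : "accepted", n);
    return 0;
}
```

The read loop enforces the cap again because a regular file can grow after the fstat() check.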

Solution :

Update Zabbix to version 1.9.4 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 71535

Bugtraq ID: 63920

CVE ID: CVE-2011-3263