CVE-2011-3263

zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows context-dependent attackers to cause a denial of service (CPU consumption) by executing the vfs.file.cksum command for a special device, as demonstrated by the /dev/urandom device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
VendorProductVersion
zabbixzabbix
𝑥
≤ 1.8.5
zabbixzabbix
1.1
zabbixzabbix
1.1:beta10
zabbixzabbix
1.1:beta11
zabbixzabbix
1.1:beta12
zabbixzabbix
1.1:beta2
zabbixzabbix
1.1:beta3
zabbixzabbix
1.1:beta4
zabbixzabbix
1.1:beta5
zabbixzabbix
1.1:beta6
zabbixzabbix
1.1:beta7
zabbixzabbix
1.1:beta8
zabbixzabbix
1.1:beta9
zabbixzabbix
1.1.1
zabbixzabbix
1.1.2
zabbixzabbix
1.1.3
zabbixzabbix
1.1.4
zabbixzabbix
1.1.5
zabbixzabbix
1.1.6
zabbixzabbix
1.1.7
zabbixzabbix
1.3:beta
zabbixzabbix
1.3.1:beta
zabbixzabbix
1.3.2:beta
zabbixzabbix
1.3.3:beta
zabbixzabbix
1.3.4:beta
zabbixzabbix
1.3.5:beta
zabbixzabbix
1.3.6:beta
zabbixzabbix
1.3.7:beta
zabbixzabbix
1.3.8:beta
zabbixzabbix
1.4.2
zabbixzabbix
1.4.3
zabbixzabbix
1.4.4
zabbixzabbix
1.4.5
zabbixzabbix
1.4.6
zabbixzabbix
1.5:beta
zabbixzabbix
1.5.1:beta
zabbixzabbix
1.5.2:beta
zabbixzabbix
1.5.3:beta
zabbixzabbix
1.5.4:beta
zabbixzabbix
1.6
zabbixzabbix
1.6.1
zabbixzabbix
1.6.2
zabbixzabbix
1.6.3
zabbixzabbix
1.6.4
zabbixzabbix
1.6.5
zabbixzabbix
1.6.6
zabbixzabbix
1.6.7
zabbixzabbix
1.6.8
zabbixzabbix
1.6.9
zabbixzabbix
1.7
zabbixzabbix
1.7.1
zabbixzabbix
1.7.2
zabbixzabbix
1.7.3
zabbixzabbix
1.7.4
zabbixzabbix
1.8
zabbixzabbix
1.8.1
zabbixzabbix
1.8.2
zabbixzabbix
1.8.3
zabbixzabbix
1.8.3:rc1
zabbixzabbix
1.8.3:rc2
zabbixzabbix
1.8.3:rc3
zabbixzabbix
1.8.4
zabbixzabbix
1.8.4:rc1
zabbixzabbix
1.8.4:rc2
zabbixzabbix
1.8.4:rc3
zabbixzabbix
1.8.4:rc4
zabbixzabbix
1.8.5:rc1
zabbixzabbix
1.9.0:alpha
zabbixzabbix
1.9.1:alpha
zabbixzabbix
1.9.2:alpha
zabbixzabbix
1.9.3:alpha
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
zabbix
bullseye
1:5.0.8+dfsg-1
fixed
bullseye (security)
1:5.0.44+dfsg-1+deb11u1
fixed
bookworm
1:6.0.14+dfsg-1
fixed
sid
1:7.0.5+dfsg-1
fixed
trixie
1:7.0.5+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
zabbix
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://www.zabbix.com/rn1.8.6.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/69378
https://support.zabbix.com/browse/ZBX-3794
http://www.zabbix.com/rn1.8.6.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/69378
https://support.zabbix.com/browse/ZBX-3794