Zabbix SQL Injection Vulnerability
On Aug 12th, 2016, 1n3 exposed by email that SQL injection vulnerability exists when jsrpc.php file of Zabbix processes profileIdx2 parameter, which is similar to a previous SQL injection with INSERT statement when latest.php file processes toggle_ids parameter. The only difference between the two is the attacking point.
When permission for guest is enabled on Zabbix and default password is empty, the attackers can log in to Zabbix without being authorized or obtain system privilege of Zabbix server using script.
Zabbix, composed of Zabbix server and Zabbix agent (an optional component), is a web-based, enterprise-level open-source software designed for distributed monitoring of systems and networks. Everything inside the network can be monitored and tracked, for example, status of various network services, servers and network hardware, etc. Moreover, administrators can be informed of all sorts of problems to find and troubleshoot those problems in time. By using SNMP, Zabbix agent, ping command, port monitoring and many other approaches, Zabbix is capable of monitoring remote servers and networks, and collecting data as well. Zabbix can be installed on Linux, Solaris, HP-UX, AIX, Free BSD, Open BSD, OS X hosts, etc.
Software Versions: 2.2.x, 3.0.0 to 3.0.3.
Vulnerability details: Zabbix SQL Injection Vulnerability
1 Upgrade to the latest version, version 3.0.4.
2 For Sangfor NGAF customers, update the IPS to version 20160822 version or above.