CVE-2009-4502 : The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

Published 2009-12-31 18:30:02

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-4502

Zabbix » Zabbix
Versions up to, including, (<=) 1.6.6
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.1.2
cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.1.3
cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.1.5
cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.4.2
cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.4.3
cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.1.4
cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.4.4
cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris
Zabbix » Zabbix » Version: 1.4.6
cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
Matching versions
When used together with: Freebsd » Freebsd
When used together with: SUN » Solaris

Exploit prediction scoring system (EPSS) score for CVE-2009-4502

EPSS FAQ

63.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 98 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2009-4502

Zabbix Agent net.tcp.listen Command Injection

Disclosure Date: 2009-09-10

First seen: 2020-04-26

exploit/unix/misc/zabbix_agent_exec

This module exploits a metacharacter injection vulnerability in the FreeBSD and Solaris versions of the Zabbix agent. This flaw can only be exploited if the attacker can hijack the IP address of an authorized server (as defined in the configuration file). Au

More information

CVSS scores for CVE-2009-4502

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2009-4502

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-4502

http://secunia.com/advisories/37740

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
https://support.zabbix.com/browse/ZBX-1032

[ZBX-1032] Bypassing EnableRemoteCommands=0 in Zabbix Client. - ZABBIX SUPPORT
Exploit
http://www.securityfocus.com/archive/1/508439
http://www.vupen.com/english/advisories/2009/3514

Site en construction
Vendor Advisory

CVEs referencing this url

Jump to