CVE-2009-4502

Source
https://nvd.nist.gov/vuln/detail/CVE-2009-4502
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2009-4502.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2009-4502
Published
2009-12-31T18:30:01Z
Modified
2024-12-31T16:00:03Z
Summary
[none]
Details

The NETTCPLISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

References

Affected packages

Debian:11 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / zabbix

Package

Name
zabbix
Purl
pkg:deb/debian/zabbix?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:1.8-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}