The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-12-31T18:00:00Z
Updated: 2024-09-17T00:05:31.046Z
Reserved: 2009-12-30T00:00:00Z
Link: CVE-2009-4502
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-12-31T18:30:01.797
Modified: 2024-11-21T01:09:47.750
Link: CVE-2009-4502
Redhat
No data.