CVE-2009-4502
EPSS 64.1%
Description
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
How to fix CVE-2009-4502
To remediate CVE-2009-4502, upgrade the affected package to one of the fixed versions listed below.
- Debian/zabbix: upgrade to 1:1.8-1 or later
Is CVE-2009-4502 being exploited?
Likely — EPSS is 64.1%, placing CVE-2009-4502 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (1)
- from 0, < 1:1.8-1