CVE-2009-4502

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2009-4502

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2009-4502.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2009-4502

Downstream

DEBIAN-CVE-2009-4502

Withdrawn

2026-01-27T04:10:05.067067Z

Published

2009-12-31T18:30:01Z

Modified

2026-01-27T04:10:05.067067Z

Summary

[none]

Details

The NETTCPLISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

References

http://secunia.com/advisories/37740
http://www.vupen.com/english/advisories/2009/3514
https://support.zabbix.com/browse/ZBX-1032
http://www.securityfocus.com/archive/1/508439

CVE-2009-4502

Affected packages