CVE-2009-4502
Zabbix Agent - 'net.tcp.listen' Command Injection
Severity Score: 9.3 (CVSS v2)
Public Exploits: 3 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
Credits: N/A
Timeline
- 2009-12-14 First Exploit
- 2009-12-30 CVE Reserved
- 2009-12-31 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
References (6)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/508439 | Mailing List | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/16918 | 2010-07-03 | |
https://www.exploit-db.com/exploits/10431 | 2009-12-14 | |
https://support.zabbix.com/browse/ZBX-1032 | 2024-09-17 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/37740 | 2010-01-01 | |
http://www.vupen.com/english/advisories/2009/3514 | 2010-01-01 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Zabbix | Zabbix | <= 1.6.6 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | <= 1.6.6 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.1.2 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.1.2 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.1.3 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.1.3 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.1.4 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.1.4 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.1.5 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.1.5 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.4.2 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.4.2 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.4.3 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.4.3 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.4.4 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.4.4 | - | Affected | in | Sun | Solaris | * | - | Safe |
Zabbix | Zabbix | 1.4.6 | - | Affected | in | Freebsd | Freebsd | * | - | Safe |
Zabbix | Zabbix | 1.4.6 | - | Affected | in | Sun | Solaris | * | - | Safe |