What is CVE-2009-4502?

CVE-2009-4502 is a vulnerability in N/a. Published 2009-12-31.

Is CVE-2009-4502 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2009-4502

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argume…

EPSS: 0.641 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

20091213 Zabbix Agent : Bypass of EnableRemoteCommands=0 (mailing-list, x_refsource_BUGTRAQ)
support.zabbix.com/browse/ZBX-1032 (x_refsource_CONFIRM)
37740 (x_refsource_SECUNIA, third-party-advisory)
ADV-2009-3514 (vdb-entry, x_refsource_VUPEN)

Frequently asked questions

What is CVE-2009-4502?: CVE-2009-4502 is a vulnerability in N/a. Published 2009-12-31.
Is CVE-2009-4502 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.