CVE-2009-4502

Published: 31/12/2009 Updated: 01/01/2010
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is only possible from trusted IP addresses.

Vulnerable Product

zabbix zabbix 1.4.3

zabbix zabbix 1.1.5

zabbix zabbix 1.1.4

zabbix zabbix 1.1.3

zabbix zabbix 1.1.2

zabbix zabbix

zabbix zabbix 1.4.6

zabbix zabbix 1.4.4

zabbix zabbix 1.4.2

Exploits

Zabbix Agent : Bypass of EnableRemoteCommands=0
From: Nicob <nicob () nicob net>
Date: Sun, 13 Dec 2009 16:28:30 +0100

From Wikipedia : "Zabbix is a network management system application [] designed to monitor and track the status of various network services, servers, and other network hardware" [Zabbix Agent : Bypass of EnableRemoteCo ...
##
# $Id: zabbix_agent_exec.rb 9669 2010-07-03 03:13:45Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# metasploit.com/framework/
##

require 'msf/core'

clas ...