|
|
|||
| Rule General Information |
|---|
| Release Date: | 2017-08-10 | |
| Rule Name: | Zabbix Agent Net.tcp.listen Command Injection Vulnerability -3 (CVE-2009-4502) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. | |
| Impact: | An attacker can execute arbitrary command via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Solaris, FreeBSD | |
| Reference: | https://www.zabbix.com/ http://www.securityfocus.com/archive/1/508439 http://www.vupen.com/english/advisories/2009/3514 |
|
| Solutions |
|---|
| Upgrade to version 1.4.4 to solve the problem. |