Unrated severityNVD Advisory· Published Dec 31, 2009· Updated Apr 23, 2026

CVE-2009-4502

Description

The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.

Affected products

Zabbix/Zabbix9 versions
cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: <=1.6.6
- cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.zabbix.com/browse/ZBX-1032nvdExploit
secunia.com/advisories/37740nvdVendor Advisory
www.vupen.com/english/advisories/2009/3514nvdVendor Advisory
www.securityfocus.com/archive/1/508439nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000