Unrated severityNVD Advisory· Published Dec 31, 2009· Updated Jun 16, 2026
CVE-2009-4502
CVE-2009-4502
Description
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*range: <=1.6.6
- cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4- support.zabbix.com/browse/ZBX-1032nvdExploit
- secunia.com/advisories/37740nvdVendor Advisory
- www.vupen.com/english/advisories/2009/3514nvdVendor Advisory
- www.securityfocus.com/archive/1/508439nvd
News mentions
0No linked articles in our index yet.