APP: Zabbix Agent NET_TCP_LISTEN Function Remote Code Execution
This signature detects attempts to exploit a known vulnerability against shell metacharacters in Zabbix Agent. It is due to insufficient validation of user-supplied input. Malicious users can execute arbitrary shell commands at the same privilege level as server.
Extended Description
ZABBIX is prone to a security-bypass vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and execute arbitrary commands within the context of the affected application. Versions prior to ZABBIX 1.6.7 are vulnerable. NOTE: This issue affects ZABBIX installed on Solaris and FreeBSD only.
Affected Products
Zabbix zabbix,Zabbix zabbix
Short Name
APP:MISC:ZABBIX-AGENT-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Agent CVE-2009-4502 Code Execution Function NET_TCP_LISTEN Remote Zabbix bid:37306
Release Date
11/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
tcp/10050
False Positive
Unknown
Vendors
Zabbix
CVSS Score
9.3