Signature Detail
Short Name |
APP:MISC:ZABBIX-AGENT-RCE |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Zabbix Agent NET_TCP_LISTEN Function Remote Code Execution |
Release Date |
2011/11/21 |
Update Number |
2033 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: Zabbix Agent NET_TCP_LISTEN Function Remote Code Execution
This signature detects attempts to exploit a known vulnerability against shell metacharacters in Zabbix Agent. It is due to insufficient validation of user-supplied input. Malicious users can execute arbitrary shell commands at the same privilege level as server.
Extended Description
ZABBIX is prone to a security-bypass vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and execute arbitrary commands within the context of the affected application. Versions prior to ZABBIX 1.6.7 are vulnerable. NOTE: This issue affects ZABBIX installed on Solaris and FreeBSD only.
Affected Products
- ZABBIX 1.1.2
- ZABBIX 1.1.3
- ZABBIX 1.1.4
- ZABBIX 1.1.5
- ZABBIX 1.4.2
- ZABBIX 1.4.3
- ZABBIX 1.6.2
- ZABBIX 1.6.3
- ZABBIX 1.6.6
References
- BugTraq: 37306
- CVE: CVE-2009-4502