CVE-2009-4502

This Metasploit module exploits a metacharacter injection vulnerability in Zabbix Agent's net.tcp.listen command on FreeBSD and Solaris systems. It sends a maliciously crafted request to execute arbitrary commands if the attacker's IP is in the allowed server list.

This exploit bypasses the EnableRemoteCommands=0 restriction in Zabbix Agent on FreeBSD and Solaris by injecting arbitrary commands via the net.tcp.listen parameter. The vulnerability arises from improper input validation in the NET_TCP_LISTEN function.

This Metasploit module exploits a metacharacter injection vulnerability in Zabbix Agent's net.tcp.listen command on FreeBSD and Solaris systems. It sends a maliciously crafted payload to execute arbitrary commands if the attacker's IP is in the allowed server list.