What is the severity of CVE-2009-4501?

CVE-2009-4501 has a severity rating that indicates it can lead to a denial of service due to a NULL pointer dereference.

How do I fix CVE-2009-4501?

To fix CVE-2009-4501, upgrade your Zabbix Server to version 1.6.8 or later.

What versions of Zabbix are affected by CVE-2009-4501?

CVE-2009-4501 affects Zabbix Server versions up to 1.6.7, including versions 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.4.2, 1.4.3, 1.4.4, 1.4.6, and 1.6.6.

What type of vulnerability is CVE-2009-4501?

CVE-2009-4501 is a denial of service vulnerability caused by improper input handling.

Can CVE-2009-4501 be exploited remotely?

Yes, CVE-2009-4501 can be exploited remotely by sending a specially crafted request that lacks expected separators.

Vulnerability/
CVE-2009-4501

medium

CWE

119 476

31/12/2009

17/9/2024

CVE-2009-4501: Buffer Overflow

First published: Thu Dec 31 2009(Updated: )

The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zabbix Server	<=1.6.7
Zabbix Server	=1.1.2
Zabbix Server	=1.1.3
Zabbix Server	=1.1.4
Zabbix Server	=1.1.5
Zabbix Server	=1.4.2
Zabbix Server	=1.4.3
Zabbix Server	=1.4.4
Zabbix Server	=1.4.6
Zabbix Server	=1.6.6

Remedy

http://www.securityfocus.com/archive/1/508436/30/60/threaded

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4501?
CVE-2009-4501 has a severity rating that indicates it can lead to a denial of service due to a NULL pointer dereference.
How do I fix CVE-2009-4501?
To fix CVE-2009-4501, upgrade your Zabbix Server to version 1.6.8 or later.
What versions of Zabbix are affected by CVE-2009-4501?
CVE-2009-4501 affects Zabbix Server versions up to 1.6.7, including versions 1.1.2, 1.1.3, 1.1.4, 1.1.5, 1.4.2, 1.4.3, 1.4.4, 1.4.6, and 1.6.6.
What type of vulnerability is CVE-2009-4501?
CVE-2009-4501 is a denial of service vulnerability caused by improper input handling.
Can CVE-2009-4501 be exploited remotely?
Yes, CVE-2009-4501 can be exploited remotely by sending a specially crafted request that lacks expected separators.

agent/references
agent/weakness
agent/type
agent/severity
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
vendor/zabbix
canonical/zabbix server
version/zabbix server/1.6.7
version/zabbix server/1.1.2
version/zabbix server/1.1.3
version/zabbix server/1.1.4
version/zabbix server/1.1.5
version/zabbix server/1.4.2
version/zabbix server/1.4.3
version/zabbix server/1.4.4
version/zabbix server/1.4.6
version/zabbix server/1.6.6

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.