CVE-2009-4500

Name of the Vulnerable Software and Affected Versions Zabbix Server versions prior to 1.6.6

Description The issue allows remote attackers to cause a denial of service, resulting in a crash. This is achieved by sending a crafted request with data that lacks an expected : (colon) separator, triggering a NULL pointer dereference in the process trap function.

Recommendations For versions prior to 1.6.6, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the process trap function in trapper/trapper.c to minimize the risk of exploitation.