CVE-2015-0859

Name of the Vulnerable Software and Affected Versions smokeping versions prior to 2.6.8-2+deb7u1 in wheezy smokeping versions prior to 2.6.9-1+deb8u1 in jessie

Description The issue arises from the Debian build procedure for the smokeping package, which does not properly configure how Apache httpd passes arguments to smokeping cgi. This allows remote attackers to execute arbitrary code via crafted CGI arguments.

Recommendations For smokeping versions prior to 2.6.8-2+deb7u1 in wheezy, update to version 2.6.8-2+deb7u1 or later. For smokeping versions prior to 2.6.9-1+deb8u1 in jessie, update to version 2.6.9-1+deb8u1 or later.