PT-2015-4921 · Debian+1 · Smokeping+1

Tero Marttila

Published

2015-11-25

Updated

2015-12-04

CVE-2015-0859

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions smokeping versions prior to 2.6.8-2+deb7u1 in wheezy smokeping versions prior to 2.6.9-1+deb8u1 in jessie

Description The issue arises from the Debian build procedure for the smokeping package, which does not properly configure how Apache httpd passes arguments to smokeping cgi. This allows remote attackers to execute arbitrary code via crafted CGI arguments.

Recommendations For smokeping versions prior to 2.6.8-2+deb7u1 in wheezy, update to version 2.6.8-2+deb7u1 or later. For smokeping versions prior to 2.6.9-1+deb8u1 in jessie, update to version 2.6.9-1+deb8u1 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

CVE-2015-0859

DSA-3405-1

Affected Products

Apache Httpd

Smokeping

PT-2015-4921 · Debian+1 · Smokeping+1

CVE-2015-0859

Weakness Enumeration

Related Identifiers

Affected Products

References · 13