CVE-2015-0859

NameCVE-2015-0859
DescriptionThe Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-3405-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
smokeping (PTS)buster2.7.3-2fixed
bullseye2.7.3-3fixed
bookworm2.7.3-4.1fixed
sid, trixie2.8.2+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
smokepingsourcesqueeze(not affected)
smokepingsourcewheezy2.6.8-2+deb7u1DSA-3405-1
smokepingsourcejessie2.6.9-1+deb8u1DSA-3405-1
smokepingsource(unstable)2.6.11-2

Notes

[squeeze] - smokeping <not-affected> (Vulnerable code not present)

Search for package or bug name: Reporting problems