CVE-2016-9140

Name: CVE-2016-9140
Description: RCE
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 842702

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| zabbix (PTS) | jessie (security), jessie | 1:2.2.7+dfsg-2+deb8u3 | vulnerable |
| zabbix | stretch | 1:3.0.7+dfsg-3 | fixed |
| zabbix | buster, sid | 1:3.0.12+dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zabbix | source | (unstable) | 1:3.0.6+dfsg-1 | unimportant | | 842702 |

Notes

https://www.exploit-db.com/exploits/39937/
Claimed to be not a vulnerability but a superadmin using a feature
as intended. 1:3.0.6+dfsg-1 improved the API script.execute validation.
