Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-0859

The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cgi, which allows remote attackers to execute arbitrary code via crafted CGI arguments.

Related bugs and status

CVE-2015-0859 (Candidate) is related to these bugs:

Bug #1525927: CVE-2015-0859 arbitrary code execution

Summary				In	Importance	Status
	1525927	CVE-2015-0859 arbitrary code execution		smokeping (Ubuntu)	Medium	Incomplete

See the

CVE page on Mitre.org for more details.

References

DEBIAN: DSA-3405