The remote host is missing an update to zabbix announced via advisory DSA 1420-1.
Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. For the stable distribution (etch), this problem has been fixed in version 1:1.1.4-10etch1 zabbix is not included in the oldstable distribution (sarge). We recommend that you upgrade your zabbix packages.
- Debian Security Advisory DSA 1057-1 (phpldapadmin)
- Debian Security Advisory DSA 2214-1 (ikiwiki)
- Debian Security Advisory DSA 1060-1 (kernel-patch-vserver)
- Debian Security Advisory DSA 1947-1 (shibboleth-sp, shibboleth-sp2, opensaml2)
- Debian Security Advisory DSA 2661-1 (xorg-server - information disclosure)