The remote host is missing an update to zabbix announced via advisory DSA 1420-1.
Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. For the stable distribution (etch), this problem has been fixed in version 1:1.1.4-10etch1 zabbix is not included in the oldstable distribution (sarge). We recommend that you upgrade your zabbix packages.
- Debian Security Advisory DSA 2627-1 (nginx - information leak)
- Debian Security Advisory DSA 1028-1 (libimager-perl)
- Debian Security Advisory DSA 2649-1 (lighttpd - fixed socket name in world-writable directory)
- Debian Security Advisory DSA 1517-1 (ldapscripts)
- Debian Security Advisory DSA 2840-1 (srtp - buffer overflow)