10

CVE-2009-4024

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.  NOTE: this has also been reported as a shell metacharacter problem.
Data provided by the National Vulnerability Database (NVD)
PearPear Version <= 2.4.4
PearPear Version 0.1
PearPear Version 1.0
PearPear Version 1.0.1
PearPear Version 2.1
PearPear Version 2.2
PearPear Version 2.3
PearPear Version 2.4
PearPear Version 2.4.1
PearPear Version 2.4.2
PearPear Version 2.4.3
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 6.13% | 0.925
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
nvd@nist.gov | 10 | 10 | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/ (Patch)
http://pear.php.net/advisory20091114-01.txt (Vendor Advisory)
http://pear.php.net/package/Net_Ping/download/2.4.5 (Patch, Vendor Advisory)
http://secunia.com/advisories/37451 (Vendor Advisory)
http://secunia.com/advisories/37502
http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669
http://www.debian.org/security/2009/dsa-1949
http://www.securityfocus.com/bid/37093
http://www.vupen.com/english/advisories/2009/3320 (Patch, Vendor Advisory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54390
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html