CVE-2008-7319

Name: CVE-2008-7319
Description: The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high (attack range: remote)
Debian Bugs: 881097

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libnet-ping-external-perl | source | (unstable) | (unfixed) | high | | 881097 |

Notes

[wheezy] - libnet-ping-external-perl <ignored> (Package may be removed from Wheezy, see #881102)
https://rt.cpan.org/Public/Bug/Display.html?id=33230
Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
