|Description||Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.|
|Source||CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)|
|NVD severity||high (attack range: remote)|
|Debian/stable||not known to be vulnerable.|
|Debian/testing||not known to be vulnerable.|
|Debian/unstable||not known to be vulnerable.|
Vulnerable and fixed packages
The table below lists information on source packages.
The information above is based on the following data on fixed versions.
fix applied by upstream is incomplete, reported to oss-sec