CVE-2009-4024
Published: 29 November 2009
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.
Priority
Status
Package | Release | Status |
---|---|---|
php-net-ping Launchpad, Ubuntu, Debian |
upstream |
Needs triage
|
dapper |
Does not exist
|
|
hardy |
Released
(2.4.2-1+etch1build0.8.04.1)
|
|
intrepid |
Released
(2.4.2-1+etch1build0.8.10.1)
|
|
jaunty |
Released
(2.4.2-1+etch1build0.9.04.1)
|
|
karmic |
Released
(2.4.2-1+etch1build0.9.10.1)
|
|
lucid |
Not vulnerable
(2.4.2-1.1)
|