The Net::Ping::External extension through 0.15 for Perl does not properly
sanitize arguments (e.g., invalid hostnames) containing shell
metacharacters before use of backticks in External.pm, allowing for shell
command injection and arbitrary command execution if untrusted input is
used.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | libnet-ping-external-perl | < any | UNKNOWN |
matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
www.openwall.com/lists/oss-security/2017/11/07/4
bugs.debian.org/881097
launchpad.net/bugs/cve/CVE-2008-7319
nvd.nist.gov/vuln/detail/CVE-2008-7319
rt.cpan.org/Public/Bug/Display.html?id=33230
security-tracker.debian.org/tracker/CVE-2008-7319
www.cve.org/CVERecord?id=CVE-2008-7319