oss-sec mailing list archives
Re: Net::Ping::External command injections
From: Salvatore Bonaccorso <carnil () debian org>
Date: Tue, 7 Nov 2017 22:00:19 +0100
Hi On Tue, Nov 07, 2017 at 05:51:27PM +0100, Matthias Weckbecker wrote:
Hi, Net::Ping::External [0] is prone to command injection vulnerabilities. The issues are roughly 10 (!) years old [1], but the code is still being shipped these days (e.g. in ubuntu artful and debian stretch [2]). I had contacted the author of the code a few days ago, but obviously did not get any reaction. A patch is available here: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
This issue has been assinged CVE-2008-7319 by MITRE. Regards, Salvatore
Current thread:
- Net::Ping::External command injections Matthias Weckbecker (Nov 07)
- Re: Net::Ping::External command injections Charlie Brady (Nov 07)
- Re: Net::Ping::External command injections Simon McVittie (Nov 07)
- Re: Net::Ping::External command injections Salvatore Bonaccorso (Nov 07)