CPANSA-Net-Ping-External-2008-7319: Net-Ping-External vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2017-11-07T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2017-11-07T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.8 | Severity | Critical |
Original language | | Language | en |
Also referred to |
Vulnerability Description
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
Vulnerabilities
CVE-2008-7319
Vulnerability Description
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
Weakness | CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') |
---|---|
Product status
Known affected
Product | Score |
---|---|
Net-Ping-External less than or equal 0.15 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Net-Ping-External-2008-7319 JSON (self): https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-net-ping-external-2008-7319.json
- https://rt.cpan.org/Public/Bug/Display.html?id=33230 (external)
- https://bugs.debian.org/881097 (external)
- http://www.openwall.com/lists/oss-security/2017/11/07/4 (external)
- http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch (external)
- CVE-2008-7319 (NVD) (external): https://nvd.nist.gov/vuln/detail/CVE-2008-7319
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue Nov 7 00:00:00 2017 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/