https://bugzilla.redhat.com/show_bug.cgi?id=1510782

Bug ID: 1510782
Summary: CVE-2008-7319 perl-Net-Ping-External: Unproper argument sanitization
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team@xxxxxxxxxx
Reporter: anemec@xxxxxxxxxx
CC: mitr@xxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx

The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.

Upstream issue:
https://rt.cpan.org/Public/Bug/Display.html?id=33230

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881097
http://www.openwall.com/lists/oss-security/2017/11/07/4
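
Added example, not part of the original bug report and not code from Net::Ping::External: one way a caller can guard against this class of bug is to validate the host string and run ping without a shell instead of through backticks. The helper names is_safe_host and ping_host, the accepted character set, and the Unix-style "ping -c" invocation are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (assumption, not the module's API): accept only strings
# that look like a DNS name or an IPv4/IPv6 literal. Anything containing shell
# metacharacters, whitespace, a newline, or a leading '-' is refused.
sub is_safe_host {
    my ($host) = @_;
    return 0 unless defined $host && length $host && length $host <= 253;
    # \A and \z anchor the whole string; '$' would let a trailing newline pass.
    return $host =~ /\A[A-Za-z0-9:][A-Za-z0-9.:-]*\z/ ? 1 : 0;
}

# Hypothetical helper: run ping with list-form open(), which hands each
# argument straight to exec without a shell, so the host string is never
# parsed as shell syntax even if validation were to miss something.
# Assumes a Unix-like ping that takes "-c <count>".
sub ping_host {
    my ($host, $count) = @_;
    $count = 1 unless defined $count && $count =~ /\A[0-9]+\z/;
    return undef unless is_safe_host($host);

    open(my $fh, '-|', 'ping', '-c', $count, $host) or return undef;
    my @output = <$fh>;     # drain ping's output
    close $fh;              # close() on a pipe sets $? to the exit status
    return $? == 0 ? 1 : 0;
}

# Constructed sample inputs. Only the validation step runs here, so the
# script works offline and never starts a ping process.
for my $h ('localhost', '192.0.2.10', '::1',
           'host.example;id', '$(id)', "host\n", '-f') {
    (my $shown = $h) =~ s/\n/\\n/g;
    printf "%-18s %s\n", $shown, is_safe_host($h) ? 'accepted' : 'rejected';
}
```

Validation and shell-free execution are independent layers: either one alone blocks metacharacter injection, and the leading-character rule additionally keeps a value such as "-f" from being read by ping as an option.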