FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

PEAR -- Net_Ping and Net_Traceroute remote arbitrary command injection

Affected packages
pear-Net_Ping < 2.4.5
pear-Net_Traceroute < 0.21.2

Details

VuXML ID 56ba8728-f987-11de-b28d-00215c6a37bb
Discovery 2009-11-14
Entry 2010-01-04

PEAR Security Advisory reports:

Multiple remote arbitrary command injections have been found in the Net_Ping and Net_Traceroute.

When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections.

[source]

References

Bugtraq ID 37093
Bugtraq ID 37094
CVE Name CVE-2009-4024
CVE Name CVE-2009-4025
URL http://pear.php.net/advisory20091114-01.txt

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.