FreeBSD Local Security Checks : FreeBSD Ports: pear-Net

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66644

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: pear-Net_Ping

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following packages are affected:

pear-Net_Ping
pear-Net_Traceroute

CVE-2009-4024
Argument injection vulnerability in the ping function in Ping.php in
the Net_Ping package before 2.4.5 for PEAR allows remote attackers to
execute arbitrary shell commands via the host parameter.

CVE-2009-4025
Argument injection vulnerability in the traceroute function in
Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR
allows remote attackers to execute arbitrary shell commands via the
host parameter. NOTE: some of these details are obtained from third
party information.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4024
BugTraq ID: 37093
http://www.securityfocus.com/bid/37093
Debian Security Information: DSA-1949 (Google Search)
http://www.debian.org/security/2009/dsa-1949
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html
http://secunia.com/advisories/37451
http://secunia.com/advisories/37502
http://www.vupen.com/english/advisories/2009/3320
XForce ISS Database: netping-ping-command-execution(54390)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54390
Common Vulnerability Exposure (CVE) ID: CVE-2009-4025
BugTraq ID: 37094
http://www.securityfocus.com/bid/37094
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01110.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00998.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01007.html
http://security.gentoo.org/glsa/glsa-200911-06.xml
http://www.openwall.com/lists/oss-security/2009/11/23/8
http://osvdb.org/60515
http://secunia.com/advisories/37497
http://secunia.com/advisories/37503
http://www.vupen.com/english/advisories/2009/3321
XForce ISS Database: nettraceroute-traceroute-command-execution(54391)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54391

Copyright Copyright (C) 2010 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66644
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: pear-Net_Ping
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following packages are affected: pear-Net_Ping pear-Net_Traceroute CVE-2009-4024 Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. CVE-2009-4025 Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: some of these details are obtained from third party information. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4024 BugTraq ID: 37093 http://www.securityfocus.com/bid/37093 Debian Security Information: DSA-1949 (Google Search) http://www.debian.org/security/2009/dsa-1949 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html http://secunia.com/advisories/37451 http://secunia.com/advisories/37502 http://www.vupen.com/english/advisories/2009/3320 XForce ISS Database: netping-ping-command-execution(54390) https://exchange.xforce.ibmcloud.com/vulnerabilities/54390 Common Vulnerability Exposure (CVE) ID: CVE-2009-4025 BugTraq ID: 37094 http://www.securityfocus.com/bid/37094 https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01110.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00998.html https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01007.html http://security.gentoo.org/glsa/glsa-200911-06.xml http://www.openwall.com/lists/oss-security/2009/11/23/8 http://osvdb.org/60515 http://secunia.com/advisories/37497 http://secunia.com/advisories/37503 http://www.vupen.com/english/advisories/2009/3321 XForce ISS Database: nettraceroute-traceroute-command-execution(54391) https://exchange.xforce.ibmcloud.com/vulnerabilities/54391
Copyright	Copyright (C) 2010 E-Soft Inc.