CVE-2009-4024 - Vulnerability Details - OpenCVE

Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pear	Pear

Configuration 1 [-]

OR	cpe:2.3:a:pear:pear::::::::
	cpe:2.3:a:pear:pear:0.1:::::::*
	cpe:2.3:a:pear:pear:1.0:::::::*
	cpe:2.3:a:pear:pear:1.0.1:::::::*
	cpe:2.3:a:pear:pear:2.1:::::::*
	cpe:2.3:a:pear:pear:2.2:::::::*
	cpe:2.3:a:pear:pear:2.3:::::::*
	cpe:2.3:a:pear:pear:2.4:::::::*
	cpe:2.3:a:pear:pear:2.4.1:::::::*
	cpe:2.3:a:pear:pear:2.4.2:::::::*
	cpe:2.3:a:pear:pear:2.4.3:::::::*

No data.

References

Link	Providers
http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/
http://pear.php.net/advisory20091114-01.txt
http://pear.php.net/package/Net_Ping/download/2.4.5
http://secunia.com/advisories/37451
http://secunia.com/advisories/37502
http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669
http://www.debian.org/security/2009/dsa-1949
http://www.securityfocus.com/bid/37093
http://www.vupen.com/english/advisories/2009/3320
https://exchange.xforce.ibmcloud.com/vulnerabilities/54390
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-11-28T17:00:00

Updated: 2024-08-07T06:45:50.941Z

Reserved: 2009-11-20T00:00:00

Link: CVE-2009-4024

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-11-29T13:07:35.733

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-4024

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-11-14T00:00:00", "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2009-11613", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pear.php.net/package/Net_Ping/download/2.4.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://pear.php.net/advisory20091114-01.txt"}, {"name": "FEDORA-2009-12156", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html"}, {"name": "netping-ping-command-execution(54390)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54390"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/"}, {"name": "37093", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/37093"}, {"name": "ADV-2009-3320", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3320"}, {"name": "37502", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37502"}, {"name": "FEDORA-2009-11523", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html"}, {"name": "DSA-1949", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1949"}, {"name": "37451", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37451"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2009-4024", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2009-11613", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html"}, {"name": "http://pear.php.net/package/Net_Ping/download/2.4.5", "refsource": "CONFIRM", "url": "http://pear.php.net/package/Net_Ping/download/2.4.5"}, {"name": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669", "refsource": "CONFIRM", "url": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669"}, {"name": "http://pear.php.net/advisory20091114-01.txt", "refsource": "CONFIRM", "url": "http://pear.php.net/advisory20091114-01.txt"}, {"name": "FEDORA-2009-12156", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html"}, {"name": "netping-ping-command-execution(54390)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54390"}, {"name": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/", "refsource": "CONFIRM", "url": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/"}, {"name": "37093", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37093"}, {"name": "ADV-2009-3320", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3320"}, {"name": "37502", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37502"}, {"name": "FEDORA-2009-11523", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html"}, {"name": "DSA-1949", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1949"}, {"name": "37451", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37451"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T06:45:50.941Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2009-11613", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pear.php.net/package/Net_Ping/download/2.4.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://pear.php.net/advisory20091114-01.txt"}, {"name": "FEDORA-2009-12156", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html"}, {"name": "netping-ping-command-execution(54390)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54390"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/"}, {"name": "37093", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/37093"}, {"name": "ADV-2009-3320", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3320"}, {"name": "37502", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37502"}, {"name": "FEDORA-2009-11523", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html"}, {"name": "DSA-1949", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2009/dsa-1949"}, {"name": "37451", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37451"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-4024", "datePublished": "2009-11-28T17:00:00", "dateReserved": "2009-11-20T00:00:00", "dateUpdated": "2024-08-07T06:45:50.941Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pear:pear:*:*:*:*:*:*:*:*", "matchCriteriaId": "473A9117-A567-42DF-AEF4-C553CC1F7868", "versionEndIncluding": "2.4.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3DE79B9-896E-4D85-8611-5E017914A5C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "58408E82-0947-42D3-9C2E-1DE5DE06A4CB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "4498F9DF-236A-4C43-BBCB-9E08475F55E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8AE0EF34-D55E-4D9E-9952-41DFA16E4A1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DE92286A-AECC-4C48-8277-AB3AC64EEEBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC746851-4704-45F8-96C4-209AEEF7EF7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "81F940B1-363F-4572-95D5-F40BDDDB106F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE46B296-5EA3-48A9-ACC6-DE9C5A7BB767", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "15A72DB1-019F-4F29-B201-17894F3545EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:pear:pear:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A05689D4-9595-4A20-BEAA-23F97DBB1634", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter. NOTE: this has also been reported as a shell metacharacter problem."}, {"lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n de argumentos en la funci\u00f3n ping en el archivo Ping.php en el paquete Net_Ping anterior a versi\u00f3n 2.4.5 para PEAR, permite a los atacantes remotos ejecutar comandos de shell arbitrarios por medio del par\u00e1metro host. NOTA: esto tambi\u00e9n se ha notificado como un problema del metacar\u00e1cter de shell."}], "id": "CVE-2009-4024", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-11-29T13:07:35.733", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://pear.php.net/advisory20091114-01.txt"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://pear.php.net/package/Net_Ping/download/2.4.5"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37451"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/37502"}, {"source": "secalert@redhat.com", "url": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2009/dsa-1949"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/37093"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3320"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54390"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html"}, {"source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://pear.php.net/advisory20091114-01.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://pear.php.net/package/Net_Ping/download/2.4.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/37451"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/37502"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1949"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/37093"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/3320"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54390"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}