News Feed
Jobs Feed
Sections




News Archive
PEAR Blog:
Net_Traceroute and Net_Ping security advisory
by Chris Cornutt November 16, 2009 @ 07:56:43

An advisory has been issued on the PEAR blog about two packages - Net_Traceroute and Net_Ping - that could expose your site to a security issue, a remote arbitrary command injection.

Net_Ping is an OS independent wrapper class for executing ping calls from PHP. Net_Traceroute is an OS independent wrapper class for executing traceroute calls from PHP. When input from forms are used directly, the attacker could pass variables that would allow him to execute remote arbitrary command injections.

You can use filtering as a workaround until your packages are updated on your server. You can upgrade to the latest packages here: Net_Ping, Net_Traceroute.

0 comments voice your opinion now!
pear package security vulnerability nettraceroute netping


blog comments powered by Disqus

Similar Posts

Henri Bergius' Blog: Composer Solves The PHP Code-Sharing Problem

Pierre-Alain Joye's Blog: Package Updates - Zip & htscanner

Community News: WordPress 2.0.6 Released to Resolve Security Issues

Pádraic Brady: PHP Security: Default Vulnerabilities, Security Omissions & Framing Programmer

Secunia.com: rPath update for gd, php, php-mysql, and php-pgsql


 Community Events











Don't see your event here?
Let us know!

zendframework2 testing conference functional community opinion series example language tool code interview application podcast phpunit introduction release framework development unittest

All content copyright, 2013 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework