CVE-2009-4024 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
pear	pear	𝑥 ≤ 2.4.4
pear	pear	0.1
pear	pear	1.0
pear	pear	1.0.1
pear	pear	2.1
pear	pear	2.2
pear	pear	2.3
pear	pear	2.4
pear	pear	2.4.1
pear	pear	2.4.2
pear	pear	2.4.3

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

php-net-ping

karmic	Fixed 2.4.2-1+etch1build0.9.10.1 released
jaunty	Fixed 2.4.2-1+etch1build0.9.04.1 released
intrepid	Fixed 2.4.2-1+etch1build0.8.10.1 released
hardy	Fixed 2.4.2-1+etch1build0.8.04.1 released
dapper	dne

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/

http://pear.php.net/advisory20091114-01.txt

http://pear.php.net/package/Net_Ping/download/2.4.5

http://secunia.com/advisories/37451

http://secunia.com/advisories/37502

http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669

http://www.debian.org/security/2009/dsa-1949

http://www.securityfocus.com/bid/37093

http://www.vupen.com/english/advisories/2009/3320

https://exchange.xforce.ibmcloud.com/vulnerabilities/54390

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html

http://blog.pear.php.net/2009/11/14/net_traceroute-and-net_ping-security-advisory/

http://pear.php.net/advisory20091114-01.txt

http://pear.php.net/package/Net_Ping/download/2.4.5

http://secunia.com/advisories/37451

http://secunia.com/advisories/37502

http://svn.php.net/viewvc/pear/packages/Net_Ping/trunk/Ping.php?r1=274728&r2=290669&pathrev=290669

http://www.debian.org/security/2009/dsa-1949

http://www.securityfocus.com/bid/37093

http://www.vupen.com/english/advisories/2009/3320

https://exchange.xforce.ibmcloud.com/vulnerabilities/54390

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01044.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01130.html

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01152.html