PT-2008-1139 · Perl · Net::Ping::External

Matthias Weckbecker +1 · Published 2008-02-13 · Updated 2017-11-29 · CVE-2008-7319

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Net::Ping::External versions through 0.15

Description

The Net::Ping::External extension for Perl does not sanitize shell metacharacters in its arguments, such as invalid hostnames. If untrusted input is used, this allows shell command injection and arbitrary command execution. A remote attacker can exploit the vulnerability to execute arbitrary commands using shell metacharacters.

Recommendations

For versions through 0.15, consider disabling the use of backticks in External.pm or restricting input to trusted sources until a patch is available. As a temporary workaround, avoid using untrusted input for the hostname variable in the affected API endpoint. Restrict access to the vulnerable Net::Ping::External extension to minimize the risk of exploitation.
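
One way to apply the input-restriction workaround in calling code, shown as an added example that is not part of the advisory or of the module's own source. The helper names `is_safe_host` and `ping_no_shell` are hypothetical, the sample hostnames are constructed, and a Unix-like `ping` that accepts `-c` is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allowlist check: letters, digits, hyphen and dot only, starting and ending
# with an alphanumeric. This rejects every shell metacharacter, whitespace,
# and a leading '-' (which ping would otherwise parse as an option).
# IPv6 literals and trailing-dot names are rejected by this strict form.
sub is_safe_host {
    my ($host) = @_;
    return 0 unless defined $host && length $host && length $host <= 253;
    # \A and \z anchor the whole string; a bare '$' would permit a trailing newline.
    return 0 unless $host =~ /\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/;
    return 0 if $host =~ /\.\./;    # no empty labels
    return 1;
}

# Run ping without a shell. The list form of open() hands each argument
# straight to exec, so nothing in $host is ever interpreted by /bin/sh,
# unlike a backtick command built by string interpolation.
sub ping_no_shell {
    my ($host) = @_;
    die "rejected hostname\n" unless is_safe_host($host);
    open(my $fh, '-|', 'ping', '-c', '1', $host)
        or die "cannot run ping: $!\n";
    my @output = <$fh>;             # drain output so ping can exit
    close($fh);                     # sets $? to ping's exit status
    return $? == 0;
}

# Constructed sample inputs: two valid hosts and three that must be refused.
for my $h ('example.com', '192.0.2.10', 'host;echo x', "host\n", '-f') {
    (my $shown = $h) =~ s/\n/\\n/g;
    printf "%-14s %s\n", $shown, is_safe_host($h) ? 'accepted' : 'rejected';
}

# Optional live check: perl script.pl <hostname>
if (@ARGV) {
    print ping_no_shell($ARGV[0]) ? "reachable\n" : "unreachable\n";
}
```

The same `is_safe_host` check can gate calls into Net::Ping::External through 0.15 when the module cannot be replaced, so that only allowlisted hostnames reach its backtick invocation.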

Fix

Command Injection


Weakness Enumeration

Related Identifiers

BDU:2017-02660
CVE-2008-7319

Affected Products

Net::Ping::External