Intrusion Prevention

Perlpodder.Arbitrary.Shell.Command.Execution

Description

This indicates a possible attempt to exploit a remote code execution vulnerability in Prodder and Perlpodder.
Prodder before 0.5, and perlpodder before 0.5, allow remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast.

Affected Products

Prodder before 0.5
Perlpodder before 0.5

Impact

System compromise: Arbitrary code execution.

Recommended Actions

Upgrade to Perlpodder version 0.5:
http://sourceforge.net/projects/prodder/
Upgrade to Prodder version 0.5:
http://prdownloads.sourceforge.net/perlpodder/

CVE References

CVE-2006-2548 CVE-2006-2550