Debian Linux Security Advisory 1949-1 – It was discovered that php-net-ping, a PHP PEAR module to execute ping independently of the Operating System, performs insufficient input sanitising, which might be used to inject arguments (no CVE yet) or execute arbitrary commands (CVE-2009-4024) on a system that uses php-net-ping.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83758/dsa-1949-1.txt
Source: https://packetstormsecurity.com/files/83758/Debian-Linux-Security-Advisory-1949-1.html