During call to external program DNS name of remote host is used withot stripping of shell characters.
vulners.com/securityvulns/securityvulns:doc:2685