CVE-2010-2785

{"id": "CVE-2010-2785", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-02T20:40:01.560", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html", "source": "secalert@redhat.com"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html", "source": "secalert@redhat.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=128041011428629&w=2", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2010/07/28/1", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40727", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40796", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.osvdb.org/66648", "source": "secalert@redhat.com"}, {"url": "https://svn.kvirc.de/kvirc/changeset/4693", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://svn.kvirc.de/kvirc/ticket/858", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=oss-security&m=128041011428629&w=2", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://openwall.com/lists/oss-security/2010/07/28/1", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/40727", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/40796", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/66648", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://svn.kvirc.de/kvirc/changeset/4693", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://svn.kvirc.de/kvirc/ticket/858", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}, {"lang": "es", "value": "El componente RC Protocol en KVIrc 3.x y 4.x, en versiones anteriores a la r4693, no maneja adecuadamente caracteres \\ (barra invertida), lo que permite a usuarios locales autenticados ejecutar comandos CTCP de su elecci\u00f3n mediante vectores relacionados con secuencias \\r and \\40, una vulnerabilidad diferente a CVE-2010-2451 y CVE-2010-2452."}], "lastModified": "2024-11-21T01:17:22.407", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24A0A10B-8DDC-4C5C-9E71-DE35B5AD4F6C"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A97539C0-DAFD-4187-9A31-93F3AF850588"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB5277BA-B51B-4086-960A-3351EAB9ACA8"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37C39663-F342-4115-B3D5-F97D3525A95A"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D0F8E8D-E1B3-4838-A7E5-9D1678E848CD"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63A25E20-68DF-4075-95D7-7652A7E2085B"}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6CEC61C-E71C-4B70-B127-26E2DE2BB27F"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}