CVE-2010-2246 - OpenCVE

feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Feh Project	Feh

Configuration 1 [-]

OR	cpe:2.3:a:feh_project:feh::::::::
	cpe:2.3:a:feh_project:feh:0.5.0:::::::*
	cpe:2.3:a:feh_project:feh:0.6.4:::::::*
	cpe:2.3:a:feh_project:feh:0.7.0:::::::*
	cpe:2.3:a:feh_project:feh:0.9.9:::::::*
	cpe:2.3:a:feh_project:feh:1.1.0:::::::*
	cpe:2.3:a:feh_project:feh:1.2.0:::::::*
	cpe:2.3:a:feh_project:feh:1.2.1:::::::*
	cpe:2.3:a:feh_project:feh:1.2.3:::::::*
	cpe:2.3:a:feh_project:feh:1.2.5:::::::*
	cpe:2.3:a:feh_project:feh:1.2.6:::::::*
	cpe:2.3:a:feh_project:feh:1.2.7:::::::*
	cpe:2.3:a:feh_project:feh:1.3.0:::::::*
	cpe:2.3:a:feh_project:feh:1.3.1:::::::*
	cpe:2.3:a:feh_project:feh:1.3.3:::::::*
	cpe:2.3:a:feh_project:feh:1.3.5:::::::*
	cpe:2.3:a:feh_project:feh:1.4:::::::*
	cpe:2.3:a:feh_project:feh:1.4.1:::::::*
	cpe:2.3:a:feh_project:feh:1.4.2:::::::*
	cpe:2.3:a:feh_project:feh:1.4.3:::::::*
	cpe:2.3:a:feh_project:feh:1.5:::::::*
	cpe:2.3:a:feh_project:feh:1.6:::::::*
	cpe:2.3:a:feh_project:feh:1.6.1:::::::*

No data.

References

Link	Providers
http://derf.homelinux.org/git/feh/plain/ChangeLog
http://openwall.com/lists/oss-security/2010/06/25/4
http://openwall.com/lists/oss-security/2010/06/28/4
http://www.securityfocus.com/bid/41161

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-05-26T18:00:00Z

Updated: 2024-08-07T02:25:07.557Z

Reserved: 2010-06-09T00:00:00Z

Link: CVE-2010-2246

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2011-05-26T18:55:01.787

Modified: 2020-02-27T13:13:11.473

Link: CVE-2010-2246

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*", "matchCriteriaId": "09377B37-329A-488D-9E9E-526A8DAF5B3B", "versionEndIncluding": "1.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:0.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "94B06044-431D-436A-968A-E63DA7C98313", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:0.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "9A8F51C2-220C-42D9-835E-F50449AB0AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:0.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "CB81F274-614A-4777-A09F-7F18EEE5E560", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "FAE1BC5D-D4F3-485E-AFE3-94C81F5A783A", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F983BC56-E0D3-4C51-B2BF-D6FB62E65687", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "24992069-559D-4766-8CE3-A8E652612C52", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "4DF9DF47-988E-43BE-AB93-65298CA2B3EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "75375308-34D2-43AD-A375-3805D2CD832A", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6A1208D-7E71-45D0-B7AD-D9E3FB838B0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "383331D2-5F26-4973-8060-F5032E70D5E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "21A561E5-B316-4E9D-AFF5-9B5BD622BEE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E54259EE-FDD6-4CFB-BCAF-D50C5F486EC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "3AAFE373-EDD7-4BC6-8EAB-745B7016D402", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB3EDBBE-075E-4E22-9B8D-5847813B1E9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "E7F42B57-48F8-4829-9199-90CDDA81E20A", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "D326B0BC-9573-4363-B82C-E35E06216D3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4E301ACD-A495-49B4-BF0A-99BF6E580B25", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "49068803-44F8-43FA-80F7-D358D62304DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "F8DD385F-EAD2-4A9B-A14B-8623834FE5FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FC289CF0-2FA5-407A-8F24-CB90C36AA27B", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "F369ACF2-5BDC-4157-9838-B7E364E3034E", "vulnerable": true}, {"criteria": "cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "AB4AD21D-3F70-4507-AC69-2DB1D436A4F7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL."}, {"lang": "es", "value": "FEH anterior a v1.8, cuando la opci\u00f3n --wget-timestamp- est\u00e1 activada, podr\u00eda permitir a atacantes remotos ejecutar comandos arbitrarios v\u00eda metacaracteres shell en una direcci\u00f3n URL."}], "id": "CVE-2010-2246", "lastModified": "2020-02-27T13:13:11.473", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-05-26T18:55:01.787", "references": [{"source": "secalert@redhat.com", "url": "http://derf.homelinux.org/git/feh/plain/ChangeLog"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2010/06/25/4"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://openwall.com/lists/oss-security/2010/06/28/4"}, {"source": "secalert@redhat.com", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/41161"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}