{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-28T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-09T09:00:00.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/66648"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40727"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "refsource": "OSVDB", "url": "http://www.osvdb.org/66648"}, {"name": "https://svn.kvirc.de/kvirc/changeset/4693", "refsource": "CONFIRM", "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40727"}, {"name": "https://svn.kvirc.de/kvirc/ticket/858", "refsource": "CONFIRM", "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/66648"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40727"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2785", "datePublished": "2010-08-02T19:00:00.000Z", "dateReserved": "2010-07-22T00:00:00.000Z", "dateUpdated": "2024-08-07T02:46:48.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A0A10B-8DDC-4C5C-9E71-DE35B5AD4F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A97539C0-DAFD-4187-9A31-93F3AF850588", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "CB5277BA-B51B-4086-960A-3351EAB9ACA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "37C39663-F342-4115-B3D5-F97D3525A95A", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D0F8E8D-E1B3-4838-A7E5-9D1678E848CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "63A25E20-68DF-4075-95D7-7652A7E2085B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6CEC61C-E71C-4B70-B127-26E2DE2BB27F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}, {"lang": "es", "value": "El componente RC Protocol en KVIrc 3.x y 4.x, en versiones anteriores a la r4693, no maneja adecuadamente caracteres \\ (barra invertida), lo que permite a usuarios locales autenticados ejecutar comandos CTCP de su elecci\u00f3n mediante vectores relacionados con secuencias \\r and \\40, una vulnerabilidad diferente a CVE-2010-2451 y CVE-2010-2452."}], "id": "CVE-2010-2785", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-02T20:40:01.560", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40727"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40796"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/66648"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/66648"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}