CVE-2010-2785 - OpenCVE

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kvirc	Kvirc

Configuration 1 [-]

OR	cpe:2.3:a:kvirc:kvirc:3.0.0:::::::*
	cpe:2.3:a:kvirc:kvirc:3.0.0:beta1::::::
	cpe:2.3:a:kvirc:kvirc:3.0.0:beta2::::::
	cpe:2.3:a:kvirc:kvirc:3.0.1:::::::*
	cpe:2.3:a:kvirc:kvirc:3.4.0:::::::*
	cpe:2.3:a:kvirc:kvirc:3.4.2:::::::*
	cpe:2.3:a:kvirc:kvirc:3.4.2:rc1::::::
	cpe:2.3:a:kvirc:kvirc:4.0.0:::::::*
	cpe:2.3:a:kvirc:kvirc:4.0.2:::::::*

No data.

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=330111
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://marc.info/?l=oss-security&m=128041011428629&w=2
http://openwall.com/lists/oss-security/2010/07/28/1
http://secunia.com/advisories/40727
http://secunia.com/advisories/40796
http://www.osvdb.org/66648
https://svn.kvirc.de/kvirc/changeset/4693
https://svn.kvirc.de/kvirc/ticket/858

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-08-02T19:00:00

Updated: 2024-08-07T02:46:48.031Z

Reserved: 2010-07-22T00:00:00

Link: CVE-2010-2785

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-08-02T20:40:01.560

Modified: 2010-09-09T05:43:15.693

Link: CVE-2010-2785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-09-09T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/66648"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40727"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-2785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.gentoo.org/show_bug.cgi?id=330111", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "refsource": "OSVDB", "url": "http://www.osvdb.org/66648"}, {"name": "https://svn.kvirc.de/kvirc/changeset/4693", "refsource": "CONFIRM", "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "refsource": "MLIST", "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40727"}, {"name": "https://svn.kvirc.de/kvirc/ticket/858", "refsource": "CONFIRM", "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T02:46:48.031Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"name": "FEDORA-2010-11524", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"name": "40796", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40796"}, {"name": "66648", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/66648"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"name": "[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"name": "SUSE-SR:2010:014", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"name": "[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"name": "40727", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40727"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}, {"name": "FEDORA-2010-11506", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-2785", "datePublished": "2010-08-02T19:00:00", "dateReserved": "2010-07-22T00:00:00", "dateUpdated": "2024-08-07T02:46:48.031Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "24A0A10B-8DDC-4C5C-9E71-DE35B5AD4F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "A97539C0-DAFD-4187-9A31-93F3AF850588", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "CB5277BA-B51B-4086-960A-3351EAB9ACA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "37C39663-F342-4115-B3D5-F97D3525A95A", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "2D0F8E8D-E1B3-4838-A7E5-9D1678E848CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "63A25E20-68DF-4075-95D7-7652A7E2085B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C6CEC61C-E71C-4B70-B127-26E2DE2BB27F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."}, {"lang": "es", "value": "El componente RC Protocol en KVIrc 3.x y 4.x, en versiones anteriores a la r4693, no maneja adecuadamente caracteres \\ (barra invertida), lo que permite a usuarios locales autenticados ejecutar comandos CTCP de su elecci\u00f3n mediante vectores relacionados con secuencias \\r and \\40, una vulnerabilidad diferente a CVE-2010-2451 y CVE-2010-2452."}], "id": "CVE-2010-2785", "lastModified": "2010-09-09T05:43:15.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-08-02T20:40:01.560", "references": [{"source": "secalert@redhat.com", "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"}, {"source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"}, {"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=128041011428629&w=2"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2010/07/28/1"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40727"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/40796"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/66648"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/changeset/4693"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://svn.kvirc.de/kvirc/ticket/858"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}