FKIE_CVE-2010-2785

Vulnerability from fkie_nvd - Published: 2010-08-02 20:40 - Updated: 2025-04-11 00:51
Severity ?
Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
References
secalert@redhat.comhttp://bugs.gentoo.org/show_bug.cgi?id=330111
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
secalert@redhat.comhttp://marc.info/?l=oss-security&m=128041011428629&w=2Patch
secalert@redhat.comhttp://openwall.com/lists/oss-security/2010/07/28/1Patch
secalert@redhat.comhttp://secunia.com/advisories/40727Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/40796Vendor Advisory
secalert@redhat.comhttp://www.osvdb.org/66648
secalert@redhat.comhttps://svn.kvirc.de/kvirc/changeset/4693Patch
secalert@redhat.comhttps://svn.kvirc.de/kvirc/ticket/858Patch
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=330111
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=oss-security&m=128041011428629&w=2Patch
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2010/07/28/1Patch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40727Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/40796Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/66648
af854a3a-2127-422b-91ae-364da2661108https://svn.kvirc.de/kvirc/changeset/4693Patch
af854a3a-2127-422b-91ae-364da2661108https://svn.kvirc.de/kvirc/ticket/858Patch
Impacted products
Vendor Product Version
kvirc kvirc 3.0.0
kvirc kvirc 3.0.0
kvirc kvirc 3.0.0
kvirc kvirc 3.0.1
kvirc kvirc 3.4.0
kvirc kvirc 3.4.2
kvirc kvirc 3.4.2
kvirc kvirc 4.0.0
kvirc kvirc 4.0.2
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A0A10B-8DDC-4C5C-9E71-DE35B5AD4F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "A97539C0-DAFD-4187-9A31-93F3AF850588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "CB5277BA-B51B-4086-960A-3351EAB9ACA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C39663-F342-4115-B3D5-F97D3525A95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B91ED333-CB47-401A-894B-4A1CF5AED8E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6742F39-882E-47E3-A375-B43C7ED771C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "2D0F8E8D-E1B3-4838-A7E5-9D1678E848CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A25E20-68DF-4075-95D7-7652A7E2085B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6CEC61C-E71C-4B70-B127-26E2DE2BB27F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \\ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \\r and \\40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452."
    },
    {
      "lang": "es",
      "value": "El componente RC Protocol en KVIrc 3.x y 4.x, en versiones anteriores a la r4693, no maneja adecuadamente caracteres \\ (barra invertida), lo que permite a usuarios locales autenticados ejecutar comandos CTCP de su elecci\u00f3n mediante vectores relacionados con secuencias \\r and \\40, una vulnerabilidad diferente a CVE-2010-2451 y CVE-2010-2452."
    }
  ],
  "id": "CVE-2010-2785",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-02T20:40:01.560",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/28/1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40727"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40796"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.osvdb.org/66648"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.kvirc.de/kvirc/changeset/4693"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.kvirc.de/kvirc/ticket/858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=330111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://marc.info/?l=oss-security\u0026m=128041011428629\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://openwall.com/lists/oss-security/2010/07/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/40796"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/66648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.kvirc.de/kvirc/changeset/4693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://svn.kvirc.de/kvirc/ticket/858"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.