CVE-2005-0130

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
http://marc.info/?l=bugtraq&m=110626383310742&w=2
http://secunia.com/advisories/13919
http://secunia.com/advisories/13989
http://securitytracker.com/id?1012972
http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
http://www.kde.org/info/security/advisory-20050121-1.txt
http://www.securityfocus.com/bid/12312
https://exchange.xforce.ibmcloud.com/vulnerabilities/19008

Configurations

Configuration 1 (hide)

cpe:2.3:a:berlios:konversation:0.15:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-04-14 04:00

Updated : 2023-12-10 10:28

NVD link : CVE-2005-0130

Mitre link : CVE-2005-0130

CVE.ORG link : CVE-2005-0130

JSON object : View

Products Affected

berlios

konversation

CWE

NVD-CWE-Other

{"id": "CVE-2005-0130", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-04-14T04:00:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110626383310742&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13919", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13989", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1012972", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml", "source": "cve@mitre.org"}, {"url": "http://www.kde.org/info/security/advisory-20050121-1.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12312", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19008", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts."}, {"lang": "es", "value": "Ciertos scripts Perl en Konversation 0.15 permiten a atacantes remotos ejecutar comandos mediante metacaract\u00e9res de shell en (1) nombres de canal o (2) nombres de canciones que no son entrecomillados adecuadamente cuando el usuario ejecuta scripts IRC."}], "lastModified": "2017-07-12T01:29:01.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:berlios:konversation:0.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A46AE693-7BBD-431A-BC50-B524B057F218"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}