CVE-2005-0130

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
http://www.kde.org/info/security/advisory-20050121-1.txt
http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
http://www.securityfocus.com/bid/12312
http://securitytracker.com/id?1012972
http://secunia.com/advisories/13919
http://secunia.com/advisories/13989
http://marc.info/?l=bugtraq&m=110626383310742&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/19008

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:berlios:konversation:0.15:*:*:*:*:*:*:*

Information

Published : 2005-04-13 21:00

Updated : 2017-07-11 18:29

NVD link : CVE-2005-0130

Mitre link : CVE-2005-0130

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

berlios

konversation

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html", "name": "20050119 Multiple vulnerabilities in Konversation", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.kde.org/info/security/advisory-20050121-1.txt", "name": "http://www.kde.org/info/security/advisory-20050121-1.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml", "name": "GLSA-200501-34", "tags": [], "refsource": "GENTOO"}, {"url": "http://www.securityfocus.com/bid/12312", "name": "12312", "tags": [], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1012972", "name": "1012972", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/13919", "name": "13919", "tags": [], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/13989", "name": "13989", "tags": [], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=110626383310742&w=2", "name": "20050119 Multiple vulnerabilities in Konversation", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19008", "name": "konversation-perlscript-execute-code(19008)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0130", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2005-04-14T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:berlios:konversation:0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-12T01:29Z"}