Vulnerability CVE-2010-2785

Vulnerability Name:

CVE-2010-2785 (CCN-60774)

Assigned:

2010-07-25

Published:

2010-07-25

Updated:

2010-09-09

Summary:

The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.

CVSS v3 Severity:

7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=330111

Source: MITRE
Type: CNA
CVE-2010-2785

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-11506

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-11524

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:014

Source: MLIST
Type: Patch
[oss-security] 20100729 Re: CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter

Source: MLIST
Type: Patch
[oss-security] 20100728 CVE Request -- KVIrc -- Remote CTCP commands execution via specially-crafted CTCP parameter

Source: CCN
Type: SA40727
KVIrc Failed DCC Handshake Notification Command Injection Vulnerability

Source: SECUNIA
Type: Vendor Advisory
40727

Source: SECUNIA
Type: Vendor Advisory
40796

Source: DEBIAN
Type: DSA-2078
kvirc -- programming error

Source: OSVDB
Type: UNKNOWN
66648

Source: CCN
Type: OSVDB ID: 66648
KVIrc CTCP Request Failed DCC Handshake Notification Arbitrary Command Injection

Source: CCN
Type: BID-42026
KVIrc '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability

Source: XF
Type: UNKNOWN
kvirc-ctcp-command-execution(60774)

Source: CONFIRM
Type: Patch
https://svn.kvirc.de/kvirc/changeset/4693

Source: CCN
Type: KVIrc SVN Repository
Ticket #858 security issue in all versions

Source: CONFIRM
Type: Patch
https://svn.kvirc.de/kvirc/ticket/858

Source: SUSE
Type: SUSE-SR:2010:015
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:kvirc:kvirc:3.0.0:*:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.0.0:beta1:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.0.0:beta2:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.0.1:*:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.4.0:*:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.4.2:*:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:3.4.2:rc1:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:4.0.0:*:*:*:*:*:*:*

OR cpe:/a:kvirc:kvirc:4.0.2:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:kvirc:kvirc:4.0:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20102785	V	CVE-2010-2785	2022-06-30
oval:org.opensuse.security:def:112530	P	kvirc-4.2.0-6.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:106019	P	kvirc-4.2.0-6.3 on GA media (Moderate)	2021-10-01
oval:org.mitre.oval:def:12430	P	DSA-2078-1 mapserver -- several	2014-07-21
oval:org.debian:def:2078	V	programming error	2010-07-31

BACK