CVE-2005-0130

Current Description

Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.

Basic Data

Published: April 14, 2005
Last Modified: July 12, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Berlios
    Product: Konversation
    Version: 0.15
    Update: *
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including, Version End Including, Version Start Excluding, Version End Excluding: (empty)

Vulnerable Software List

Vendor | Product | Versions
Berlios | Konversation | 0.15

References

Name | Source | URL | Tags
20050119 Multiple vulnerabilities in Konversation | FULLDISC | http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html |
20050119 Multiple vulnerabilities in Konversation | BUGTRAQ | http://marc.info/?l=bugtraq&m=110626383310742&w=2 |
13919 | SECUNIA | http://secunia.com/advisories/13919 |
13989 | SECUNIA | http://secunia.com/advisories/13989 |
1012972 | SECTRACK | http://securitytracker.com/id?1012972 |
GLSA-200501-34 | GENTOO | http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml |
http://www.kde.org/info/security/advisory-20050121-1.txt | CONFIRM | http://www.kde.org/info/security/advisory-20050121-1.txt |
12312 | BID | http://www.securityfocus.com/bid/12312 |
konversation-perlscript-execute-code(19008) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/19008 |