Vulnerabilities > CVE-2010-2785 - Unspecified vulnerability in Kvirc
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not properly handle \ (backslash) characters, which allows remote authenticated users to execute arbitrary CTCP commands via vectors involving \r and \40 sequences, a different vulnerability than CVE-2010-2451 and CVE-2010-2452.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 9 |
Exploit-Db
| description | KVIrc 4.0 '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability. CVE-2010-2785. Remote exploit for linux platform |
| id | EDB-ID:34385 |
| last seen | 2016-02-03 |
| modified | 2010-07-28 |
| published | 2010-07-28 |
| reporter | unic0rn |
| source | https://www.exploit-db.com/download/34385/ |
| title | KVIrc <= 4.0 - '\r' Carriage Return in DCC Handshake Remote Command Execution Vulnerability |
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2010-11506.NASL description Fix for security issue: remote command execution. https://svn.kvirc.de/kvirc/ticket/858 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48207 published 2010-08-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48207 title Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-11506. # include("compat.inc"); if (description) { script_id(48207); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2785"); script_bugtraq_id(42026); script_xref(name:"FEDORA", value:"2010-11506"); script_name(english:"Fedora 13 : kvirc-4.0.0-3.fc13 (2010-11506)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for security issue: remote command execution. https://svn.kvirc.de/kvirc/ticket/858 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?1a7d414f" ); script_set_attribute( attribute:"see_also", value:"https://svn.kvirc.de/kvirc/ticket/858" ); script_set_attribute(attribute:"solution", value:"Update the affected kvirc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kvirc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC13", reference:"kvirc-4.0.0-3.fc13")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kvirc"); }NASL family Fedora Local Security Checks NASL id FEDORA_2010-11524.NASL description Fix for security issue: remote command execution https://svn.kvirc.de/kvirc/ticket/858 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 48208 published 2010-08-02 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48208 title Fedora 12 : kvirc-4.0.0-3.fc12 (2010-11524) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2010-11524. # include("compat.inc"); if (description) { script_id(48208); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:31"); script_cve_id("CVE-2010-2785"); script_bugtraq_id(42026); script_xref(name:"FEDORA", value:"2010-11524"); script_name(english:"Fedora 12 : kvirc-4.0.0-3.fc12 (2010-11524)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix for security issue: remote command execution https://svn.kvirc.de/kvirc/ticket/858 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?18ef1fa9" ); script_set_attribute( attribute:"see_also", value:"https://svn.kvirc.de/kvirc/ticket/858" ); script_set_attribute(attribute:"solution", value:"Update the affected kvirc package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:kvirc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:12"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/08/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^12([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 12.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC12", reference:"kvirc-4.0.0-3.fc12")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kvirc"); }NASL family SuSE Local Security Checks NASL id SUSE_11_2_KVIRC-100802.NASL description This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785) last seen 2020-06-01 modified 2020-06-02 plugin id 48237 published 2010-08-03 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48237 title openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1) NASL family SuSE Local Security Checks NASL id SUSE_11_1_KVIRC-100802.NASL description This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785) last seen 2020-06-01 modified 2020-06-02 plugin id 48234 published 2010-08-03 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48234 title openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2078.NASL description It was discovered that incorrect parsing of CTCP commands in kvirc, a KDE-based IRC client, could lead to the execution of arbitrary IRC commands against other users. last seen 2020-06-01 modified 2020-06-02 plugin id 48221 published 2010-08-03 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/48221 title Debian DSA-2078-1 : kvirc - programming error NASL family SuSE Local Security Checks NASL id SUSE_11_3_KVIRC-100802.NASL description This update of kvirc does not further allow remote client to send arbitrary CTCP commands. (CVE-2010-2785) last seen 2020-06-01 modified 2020-06-02 plugin id 75565 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75565 title openSUSE Security Update : kvirc (openSUSE-SU-2010:0459-1) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201402-20.NASL description The remote host is affected by the vulnerability described in GLSA-201402-20 (KVIrc: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in KVIrc. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, or overwrite arbitrary files. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72634 published 2014-02-23 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/72634 title GLSA-201402-20 : KVIrc: Multiple vulnerabilities
References
- http://bugs.gentoo.org/show_bug.cgi?id=330111
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044625.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044643.html
- http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
- http://marc.info/?l=oss-security&m=128041011428629&w=2
- http://openwall.com/lists/oss-security/2010/07/28/1
- http://secunia.com/advisories/40727
- http://secunia.com/advisories/40796
- http://www.osvdb.org/66648
- https://svn.kvirc.de/kvirc/changeset/4693
- https://svn.kvirc.de/kvirc/ticket/858