PT-2005-1233 · Kde · Konversation

Wouter Coekaerts · Published 2005-01-22 · Updated 2017-07-12 · CVE-2005-0130

CVSS v2.0

7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Konversation version 0.15

Description

The issue allows remote attackers to execute arbitrary commands via shell metacharacters in channel names or song names that are not properly quoted when the user runs IRC scripts.

Recommendations

For Konversation version 0.15, consider disabling the execution of IRC scripts until a patch is available to prevent the exploitation of this issue. Restrict access to channel names and song names to minimize the risk of arbitrary command execution.

Fix


Related Identifiers

CVE-2005-0130

Affected Products

Konversation