PT-2010-1150 · Pidgin · Pidgin-Knotify Plugin

Matthias Petschick

Published

2010-10-08

Updated

2014-02-26

CVE-2010-3088

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Pidgin-knotify plugin versions 0.2.1 and earlier

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a message, potentially leading to a breach of confidentiality, integrity, and availability of protected information. This can be exploited remotely.

Recommendations For Pidgin-knotify plugin versions 0.2.1 and earlier, consider disabling the notify function in pidgin-knotify.c as a temporary workaround until a patch is available. Restrict access to the pidgin-knotify plugin to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2015-09694

CVE-2010-3088

Affected Products

Pidgin-Knotify Plugin

PT-2010-1150 · Pidgin · Pidgin-Knotify Plugin

CVE-2010-3088

Weakness Enumeration

Related Identifiers

Affected Products

References · 7