Lucene search

[email protected]CVE-2014-2528

HistoryAug 26, 2014 - 2:55 p.m.

CVE-2014-2528

2014-08-2614:55:05

[email protected]

web.nvd.nist.gov

nvd

cve-2014-2528

kdirstat

remote attack

arbitrary commands

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ’ (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.

Affected configurations

NVD

Node

kdirstat_projectkdirstatMatch2.7.3

opensuseopensuseMatch13.1

CPENameOperatorVersion
kdirstat_project:kdirstatkdirstat project kdirstateq2.7.3
opensuse:opensuseopensuseeq13.1

CPE	Name	Operator	Version
kdirstat_project:kdirstat	kdirstat project kdirstat	eq	2.7.3
opensuse:opensuse	opensuse	eq	13.1

References

lists.opensuse.org/opensuse-updates/2014-08/msg00015.html

www.openwall.com/lists/oss-security/2014/03/17/2

www.openwall.com/lists/oss-security/2014/03/18/2

bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp

bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

JSON

Related for CVE-2014-2528

cve1 ubuntucve2 cvelist2 openvas6 fedora2 prion2 nessus5 debiancve2 nvd2 gentoo1