Lucene search

K

[email protected]NVD:CVE-2014-2527

HistoryAug 26, 2014 - 2:55 p.m.

CVE-2014-2527

2014-08-2614:55:05

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory name, a different vulnerability than CVE-2014-2528.

Affected configurations

NVD

Node

kdirstat_projectkdirstatMatch2.7.0

OR

opensuseopensuseMatch13.1

References

lists.opensuse.org/opensuse-updates/2014-08/msg00015.html

www.openwall.com/lists/oss-security/2014/03/17/2

www.openwall.com/lists/oss-security/2014/03/18/2

bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp

bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659

bugzilla.redhat.com/show_bug.cgi?id=1077059

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

Related for NVD:CVE-2014-2527

cve2 ubuntucve2 cvelist2 nessus5 openvas6 nvd1 fedora2 prion2 debiancve2 gentoo1