Lucene search

PRIOn knowledge basePRION:CVE-2010-2445

HistoryJul 08, 2010 - 12:54 p.m.

Design/Logic Flaw

2010-07-0812:54:00

PRIOn knowledge base

www.prio-n.com

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.4%

JSON

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions.

CPENameOperatorVersion
freeciveq2.2.0 beta1
freeciveq2.3.0 dev
freeciveq2.2.0
freeciveq2.2.0 rc1
freeciveq2.2.0 beta3
freeciveq2.2.0 beta2

Name	Operator	Version
freeciv	eq	2.2.0 beta1
freeciv	eq	2.3.0 dev
freeciv	eq	2.2.0
freeciv	eq	2.2.0 rc1
freeciv	eq	2.2.0 beta3
freeciv	eq	2.2.0 beta2

References

gna.org/bugs/?15624

packetstormsecurity.com/files/163311/Android-2.0-FreeCIV-Arbitrary-Code-Execution.html

www.mandriva.com/security/advisories?name=MDVSA-2010:205

www.openwall.com/lists/oss-security/2010/06/09/4

www.openwall.com/lists/oss-security/2010/06/24/5

www.osvdb.org/65192

7.6 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.4%

JSON

Related for PRION:CVE-2010-2445