CVE-2010-2246

feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://derf.homelinux.org/git/feh/plain/ChangeLog
http://openwall.com/lists/oss-security/2010/06/25/4	Exploit
http://openwall.com/lists/oss-security/2010/06/28/4	Exploit
http://www.securityfocus.com/bid/41161	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:feh_project:feh::::::::
	cpe:2.3:a:feh_project:feh:0.5.0:::::::*
	cpe:2.3:a:feh_project:feh:0.6.4:::::::*
	cpe:2.3:a:feh_project:feh:0.7.0:::::::*
	cpe:2.3:a:feh_project:feh:0.9.9:::::::*
	cpe:2.3:a:feh_project:feh:1.1.0:::::::*
	cpe:2.3:a:feh_project:feh:1.2.0:::::::*
	cpe:2.3:a:feh_project:feh:1.2.1:::::::*
	cpe:2.3:a:feh_project:feh:1.2.3:::::::*
	cpe:2.3:a:feh_project:feh:1.2.5:::::::*
	cpe:2.3:a:feh_project:feh:1.2.6:::::::*
	cpe:2.3:a:feh_project:feh:1.2.7:::::::*
	cpe:2.3:a:feh_project:feh:1.3.0:::::::*
	cpe:2.3:a:feh_project:feh:1.3.1:::::::*
	cpe:2.3:a:feh_project:feh:1.3.3:::::::*
	cpe:2.3:a:feh_project:feh:1.3.5:::::::*
	cpe:2.3:a:feh_project:feh:1.4:::::::*
	cpe:2.3:a:feh_project:feh:1.4.1:::::::*
	cpe:2.3:a:feh_project:feh:1.4.2:::::::*
	cpe:2.3:a:feh_project:feh:1.4.3:::::::*
	cpe:2.3:a:feh_project:feh:1.5:::::::*
	cpe:2.3:a:feh_project:feh:1.6:::::::*
	cpe:2.3:a:feh_project:feh:1.6.1:::::::*

History

No history.

Information

Published : 2011-05-26 18:55

Updated : 2020-02-27 13:13

NVD link : CVE-2010-2246

Mitre link : CVE-2010-2246

CVE.ORG link : CVE-2010-2246

JSON object : View

Products Affected

feh_project

feh

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-2246", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-05-26T18:55:01.787", "references": [{"url": "http://derf.homelinux.org/git/feh/plain/ChangeLog", "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2010/06/25/4", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://openwall.com/lists/oss-security/2010/06/28/4", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/41161", "tags": ["Exploit"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL."}, {"lang": "es", "value": "FEH anterior a v1.8, cuando la opci\u00f3n --wget-timestamp- est\u00e1 activada, podr\u00eda permitir a atacantes remotos ejecutar comandos arbitrarios v\u00eda metacaracteres shell en una direcci\u00f3n URL."}], "lastModified": "2020-02-27T13:13:11.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:feh_project:feh:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09377B37-329A-488D-9E9E-526A8DAF5B3B", "versionEndIncluding": "1.7"}, {"criteria": "cpe:2.3:a:feh_project:feh:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94B06044-431D-436A-968A-E63DA7C98313"}, {"criteria": "cpe:2.3:a:feh_project:feh:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A8F51C2-220C-42D9-835E-F50449AB0AD6"}, {"criteria": "cpe:2.3:a:feh_project:feh:0.7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB81F274-614A-4777-A09F-7F18EEE5E560"}, {"criteria": "cpe:2.3:a:feh_project:feh:0.9.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAE1BC5D-D4F3-485E-AFE3-94C81F5A783A"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F983BC56-E0D3-4C51-B2BF-D6FB62E65687"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24992069-559D-4766-8CE3-A8E652612C52"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF9DF47-988E-43BE-AB93-65298CA2B3EE"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75375308-34D2-43AD-A375-3805D2CD832A"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6A1208D-7E71-45D0-B7AD-D9E3FB838B0D"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "383331D2-5F26-4973-8060-F5032E70D5E2"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21A561E5-B316-4E9D-AFF5-9B5BD622BEE0"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E54259EE-FDD6-4CFB-BCAF-D50C5F486EC1"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AAFE373-EDD7-4BC6-8EAB-745B7016D402"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB3EDBBE-075E-4E22-9B8D-5847813B1E9F"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7F42B57-48F8-4829-9199-90CDDA81E20A"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D326B0BC-9573-4363-B82C-E35E06216D3E"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E301ACD-A495-49B4-BF0A-99BF6E580B25"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49068803-44F8-43FA-80F7-D358D62304DC"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8DD385F-EAD2-4A9B-A14B-8623834FE5FA"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC289CF0-2FA5-407A-8F24-CB90C36AA27B"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F369ACF2-5BDC-4157-9838-B7E364E3034E"}, {"criteria": "cpe:2.3:a:feh_project:feh:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB4AD21D-3F70-4507-AC69-2DB1D436A4F7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}