Vulnerability Description
The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
CVSS Score
5.1
MEDIUM
AV:N/AC:H/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jianping Yu | Pidgin-Knotify | <= 0.2.1 |
| Pidgin | Pidgin | All versions |
Related Weaknesses (CWE)
References
- http://code.google.com/p/pidgin-knotify/issues/detail?id=1
- http://www.openwall.com/lists/oss-security/2010/09/12/1
- http://www.openwall.com/lists/oss-security/2010/09/13/4
- https://bugs.gentoo.org/show_bug.cgi?id=336916
- http://code.google.com/p/pidgin-knotify/issues/detail?id=1
- http://www.openwall.com/lists/oss-security/2010/09/12/1
- http://www.openwall.com/lists/oss-security/2010/09/13/4
- https://bugs.gentoo.org/show_bug.cgi?id=336916
FAQ
What is CVE-2010-3088?
CVE-2010-3088 is a vulnerability with a CVSS score of 5.1 (MEDIUM). The notify function in pidgin-knotify.c in the pidgin-knotify plugin 0.2.1 and earlier for Pidgin allows remote attackers to execute arbitrary commands via shell metacharacters in a message.
How severe is CVE-2010-3088?
CVE-2010-3088 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3088?
Check the references section above for vendor advisories and patch information. Affected products include: Jianping Yu Pidgin-Knotify, Pidgin Pidgin.