CVE-2013-2024
published 2019-10-31CVE-2013-2024: OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
PriorityP262high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
4.52%
90.3th percentile
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| call-cc | chicken | <= 4.8.2 | — |
| chicken | chicken | — | — |
| chicken | chicken | >= 0 < 4.8.0.3-1 | 4.8.0.3-1 |
| chicken | chicken | >= 0 < 4.8.0.3-1 | 4.8.0.3-1 |
| chicken | chicken | >= 0 < 4.8.0.3-1 | 4.8.0.3-1 |
| chicken | chicken | >= 0 < 4.8.0.3-1 | 4.8.0.3-1 |
| debian | chicken | < chicken 4.8.0.3-1 (bookworm) | chicken 4.8.0.3-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerable component is the 'qs' procedure within the 'utils' module of Chicken (Scheme interpreter) versions before 4.9.0; monitor for OS command injection attempts via this procedure ↗
- ·Vulnerability is local in scope; exploitation requires local access to the affected system running Chicken before 4.9.0 ↗
- ·Debian fix was applied at package version 4.8.0.3-1 (not upstream 4.9.0); verify the installed Debian package version, not just the upstream Chicken version, when assessing patch status ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
osv8.8HIGH
cisa8.8HIGH
vendor_debian8.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-pxgh-qm7m-8gcq: OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4
ghsa_unreviewed·2022-05-05
CVE-2013-2024 [HIGH] CWE-78 GHSA-pxgh-qm7m-8gcq: OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
OSV
CVE-2013-2024: OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4
osv·2019-10-31·CVSS 8.8
CVE-2013-2024 [HIGH] CVE-2013-2024: OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
Red Hat
kernel: wifi: rtlwifi: remove unused check_buddy_priv
vendor_redhat·2025-03-06·CVSS 7.8
CVE-2024-58072 [HIGH] CWE-416 kernel: wifi: rtlwifi: remove unused check_buddy_priv
kernel: wifi: rtlwifi: remove unused check_buddy_priv
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtlwifi: remove unused check_buddy_priv
Commit 2461c7d60f9f ("rtlwifi: Update header file") introduced a global
list of private data structures.
Later on, commit 26634c4b1868 ("rtlwifi Modify existing bits to match
vendor version 2013.02.07") started adding the private data to that list at
probe time and added a hook, check_buddy_priv to find the private data from
a similar device.
However, that function was never used.
Besides, though there is a lock for that list, it is never used. And when
the probe fails, the private data is never removed from the list. This
would cause a second probe to access freed memory.
Remove the unused hook, structures and members, whi
CISA
Adobe Flash Player Code Execution Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0648 [HIGH] Adobe Flash Player Code Execution Vulnerability
Vulnerability: Adobe Flash Player Code Execution Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0648
Remediation Due Date: 2024-10-08
CISA
Adobe Flash Player Incorrect Default Permissions Vulnerability
cisa·2024-09-17·CVSS 8.8
CVE-2013-0643 [HIGH] CWE-264 Adobe Flash Player Incorrect Default Permissions Vulnerability
Vulnerability: Adobe Flash Player Incorrect Default Permissions Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Required Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
Notes: https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643
Remediation Due Date: 2024-10-08
Debian
CVE-2013-2024: chicken - OS command injection vulnerability in the "qs" procedure from the "utils" module...
vendor_debian·2013·CVSS 8.8
CVE-2013-2024 [HIGH] CVE-2013-2024: chicken - OS command injection vulnerability in the "qs" procedure from the "utils" module...
OS command injection vulnerability in the "qs" procedure from the "utils" module in Chicken before 4.9.0.
Scope: local
bookworm: resolved (fixed in 4.8.0.3-1)
bullseye: resolved (fixed in 4.8.0.3-1)
forky: resolved (fixed in 4.8.0.3-1)
sid: resolved (fixed in 4.8.0.3-1)
trixie: resolved (fixed in 4.8.0.3-1)
Suricata
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
suricata·2022-11-23·CVSS 9.8
CVE-2013-7471 [CRITICAL] ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)
Rule: alert http any any -> $HOME_NET any (msg:"ET EXPLOIT D-Link Related Command Injection Attempt Inbound (CVE-2013-7471)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:28; content:"/soap.cgi?service=WANIPConn1"; fast_pattern; http.request_body; content:"|60|"; content:"|60|"; distance:0; reference:cve,2013-7471; reference:url,nvd.nist.gov/vuln/detail/cve-2013-7471; classtype:attempted-admin; sid:2039833; rev:4; metadata:affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_11_23, cve CVE_2013_7471, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_27, r
Suricata
ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
suricata·2019-03-19·CVSS 8.8
CVE-2013-3568 [HIGH] ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Possible Linksys WRT100/110 RCE Attempt (CVE-2013-3568)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/ping.cgi"; startswith; endswith; http.request_body; content:"pingstr="; startswith; fast_pattern; content:"|3b|"; within:25; reference:cve,2013-3568; reference:url,www.exploit-db.com/exploits/28484; classtype:attempted-user; sid:2027097; rev:6; metadata:attack_target IoT, created_at 2019_03_19, cve CVE_2013_3568, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, updated_at 2024_04_13;)
Suricata
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
suricata·2013-11-07
CVE-2013-3906 ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE W32/Citadel.Arx Variant CnC Beacon 1"; flow:established,to_server; http.uri; content:"/rssfeed.php?a="; fast_pattern; pcre:"/^[^&]+?&\d+$/R"; http.header_names; to_lowercase; content:!"|0d 0a|referer|0d 0a|"; reference:url,botnetlegalnotice.com/citadel/files/Patel_Decl_Ex20.pdf; reference:url,www.fireeye.com/blog/technical/cyber-exploits/2013/11/the-dual-use-exploit-cve-2013-3906-used-in-both-targeted-attacks-and-crimeware-campaigns.html; classtype:command-and-control; sid:2017690; rev:4; metadata:attack_target Client_Endpoint, created_at 2013_11_07, deployment Perimeter, signature_severity Major, tag c2, updated_at 2024_04_20, mitre_tactic_id TA0010, mitre_tactic_name Exfi
Suricata
ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
suricata·2013-10-17
CVE-2013-3827 ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Oracle JSF2 Path Traversal Attempt"; flow:established,to_server; http.uri; content:"/WEB-INF/web.xml"; nocase; fast_pattern; http.uri.raw; content:"|2e 2e 2f|"; reference:url,www.synopsys.com/blogs/software-security/path-traversal-defects-oracles-jsf2-implementation.html; reference:cve,2013-3827; classtype:web-application-attack; sid:2017611; rev:5; metadata:created_at 2013_10_17, cve CVE_2013_3827, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name F
Suricata
ET MALWARE EvilGrab/Vidgrab Checkin
suricata·2013-09-04
CVE-2012-0158 ET MALWARE EvilGrab/Vidgrab Checkin
ET MALWARE EvilGrab/Vidgrab Checkin
Rule: alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MALWARE EvilGrab/Vidgrab Checkin"; flow:established,to_server; content:"|7c 28|"; pcre:"/^\d{1,3}\x2e\d{1,3}\x2e\d{1,3}\x2e\d{1,3}/R"; content:"|29 7c|"; within:2; pcre:"/^\d{1,5}/R"; content:"|7c|Win"; within:4; reference:url,contagiodump.blogspot.com.br/2013/09/sandbox-miming-cve-2012-0158-in-mhtml.html; classtype:command-and-control; sid:2017413; rev:4; metadata:created_at 2013_09_04, signature_severity Major, updated_at 2024_03_06;)
Suricata
ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
suricata·2013-06-28
CVE-2012-6081 ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS MoinMoin twikidraw Action Traversal File Upload"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"?action=twikidraw"; fast_pattern; content:"&target="; distance:0; content:"../moin.wsgi"; endswith; reference:bugtraq,57082; reference:cve,2012-6081; reference:url,packetstormsecurity.com/files/122079/moinmoin_twikidraw.rb.txt; reference:url,exploit-db.com/exploits/25304/; classtype:web-application-attack; sid:2017074; rev:6; metadata:created_at 2013_06_28, cve CVE_2012_6081, signature_severity Major, updated_at 2024_03_06, reviewed_at 2024_02_06;)
Suricata
ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
suricata·2013-01-15
CVE-2010-0188 ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request
Rule: alert http1 $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT_KIT Redkit Exploit Kit Three Numerical Character Naming Convention PDF Request"; flow:established,to_server; urilen:8; http.uri; pcre:"/\x2F[0-9]{3}\.pdf$/"; http.request_line; content:".pdf HTTP/1."; fast_pattern; reference:url,blogs.mcafee.com/mcafee-labs/red-kit-an-emerging-exploit-pack; reference:cve,2010-0188; classtype:exploit-kit; sid:2016210; rev:4; metadata:created_at 2013_01_15, cve CVE_2010_0188, performance_impact Moderate, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_07;)
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2013/04/29/13http://www.securityfocus.com/bid/59320https://access.redhat.com/security/cve/cve-2013-2024https://exchange.xforce.ibmcloud.com/vulnerabilities/85064https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.htmlhttps://security-tracker.debian.org/tracker/CVE-2013-2024https://security.gentoo.org/glsa/201612-54http://www.openwall.com/lists/oss-security/2013/04/29/13http://www.securityfocus.com/bid/59320https://access.redhat.com/security/cve/cve-2013-2024https://exchange.xforce.ibmcloud.com/vulnerabilities/85064https://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.htmlhttps://security-tracker.debian.org/tracker/CVE-2013-2024https://security.gentoo.org/glsa/201612-54
2019-10-31
Published