Computer Security

KDE KGet files overwrite
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



KDE KGet files overwrite
Published:14.05.2010
Source:BUGTRAQ
SecurityVulns ID:10840
Type:client
Level:5/10
Description:It's possible to overwrite files via metalink file.
Affected:KDE : KDE 4.4
 KDE : KGet 2.4
CVE:CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.)
 CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.)
Original documentdocumentSECUNIA, Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability (14.05.2010)
 documentUBUNTU, [USN-938-1] KDENetwork vulnerability (14.05.2010)
 documentSECUNIA, Secunia Research: KDE KGet Insecure File Operation Vulnerability (14.05.2010)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru