Computer Security
[EN] no-pyccku

KDE KGet files overwrite
SecurityVulns ID:10840
Threat Level:
Description:It's possible to overwrite files via metalink file.
Affected:KDE : KDE 4.4
 KDE : KGet 2.4
CVE:CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.)
 CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.)
Original documentdocumentSECUNIA, Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability (14.05.2010)
 documentUBUNTU, [USN-938-1] KDENetwork vulnerability (14.05.2010)
 documentSECUNIA, Secunia Research: KDE KGet Insecure File Operation Vulnerability (14.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod