National Cyber Awareness System

Vulnerability Summary for CVE-2010-1000

Overview

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Solution

Per: http://www.kde.org/info/security/advisory-20100513-1.txt 'Patches have been committed to the KDE Subversion repository in the following revision numbers: 4.3 branch: r1126227 4.4 branch: r1124974 Trunk: r1124976' }

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: kde-name-directory-traversal(58628)

Hyperlink:http://xforce.iss.net/xforce/xfdb/58628

External Source: VUPEN

Name: ADV-2011-1101

Hyperlink:http://www.vupen.com/english/advisories/2011/1101

External Source: VUPEN

Name: ADV-2010-3096

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/3096

External Source: VUPEN

Name: ADV-2010-1144

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1144

External Source: VUPEN

Name: ADV-2010-1142

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1142

External Source: UBUNTU

Name: USN-938-1

Hyperlink:http://www.ubuntu.com/usn/USN-938-1

External Source: BID

Name: 40141

Hyperlink:http://www.securityfocus.com/bid/40141

External Source: BUGTRAQ

Name: 20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/511294/100/0/threaded

External Source: BUGTRAQ

Name: 20100513 Secunia Research: KDE KGet metalink

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/511281/100/0/threaded

External Source: MANDRIVA

Name: MDVSA-2010:098

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2010:098

External Source: CONFIRM

Name: http://www.kde.org/info/security/advisory-20100513-1.txt

Type: Advisory

Hyperlink:http://www.kde.org/info/security/advisory-20100513-1.txt

External Source: SECTRACK

Name: 1023984

Hyperlink:http://securitytracker.com/id?1023984

External Source: MISC

Name: http://secunia.com/secunia_research/2010-69/

Type: Advisory

Hyperlink:http://secunia.com/secunia_research/2010-69/

External Source: SECUNIA

Name: 42423

Type: Advisory

Hyperlink:http://secunia.com/advisories/42423

External Source: SECUNIA

Name: 39787

Type: Advisory

Hyperlink:http://secunia.com/advisories/39787

External Source: SECUNIA

Name: 39528

Type: Advisory

Hyperlink:http://secunia.com/advisories/39528

External Source: OSVDB

Name: 64690

Hyperlink:http://osvdb.org/64690

External Source: MLIST

Name: [oss-security] 20100513 KDENetwork vulnerabilities

Hyperlink:http://marc.info/?l=oss-security&m=127378789518426&w=2

External Source: SUSE

Name: SUSE-SR:2010:024

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

External Source: FEDORA

Name: FEDORA-2011-5211

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html

External Source: FEDORA

Name: FEDORA-2010-18029

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html