National Cyber Awareness System

Vulnerability Summary for CVE-2010-1511

Overview

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: kde-metalink-file-overwrite(58629)

Hyperlink:http://xforce.iss.net/xforce/xfdb/58629

External Source: VUPEN

Name: ADV-2010-3096

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/3096

External Source: VUPEN

Name: ADV-2010-1144

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1144

External Source: VUPEN

Name: ADV-2010-1142

Type: Advisory

Hyperlink:http://www.vupen.com/english/advisories/2010/1142

External Source: UBUNTU

Name: USN-938-1

Hyperlink:http://www.ubuntu.com/usn/USN-938-1

External Source: BID

Name: 40141

Hyperlink:http://www.securityfocus.com/bid/40141

External Source: BUGTRAQ

Name: 20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/511294/100/0/threaded

External Source: BUGTRAQ

Name: 20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/511279/100/0/threaded

External Source: CONFIRM

Name: http://www.kde.org/info/security/advisory-20100513-1.txt

Type: Advisory

Hyperlink:http://www.kde.org/info/security/advisory-20100513-1.txt

External Source: SECTRACK

Name: 1023984

Hyperlink:http://securitytracker.com/id?1023984

External Source: MISC

Name: http://secunia.com/secunia_research/2010-70/

Type: Advisory

Hyperlink:http://secunia.com/secunia_research/2010-70/

External Source: SECUNIA

Name: 39787

Type: Advisory

Hyperlink:http://secunia.com/advisories/39787

External Source: SECUNIA

Name: 39528

Type: Advisory

Hyperlink:http://secunia.com/advisories/39528

External Source: OSVDB

Name: 64689

Hyperlink:http://osvdb.org/64689

External Source: MLIST

Name: [oss-security] 20100513 KDENetwork vulnerabilities

Hyperlink:http://marc.info/?l=oss-security&m=127378789518426&w=2

External Source: FEDORA

Name: FEDORA-2010-18029

Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html