CVE - CVE-2010-1000

CVE-ID
CVE-2010-1000	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20100513 Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability URL:http://www.securityfocus.com/archive/1/511281/100/0/threaded BUGTRAQ:20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability URL:http://www.securityfocus.com/archive/1/511294/100/0/threaded MLIST:[oss-security] 20100513 KDENetwork vulnerabilities URL:http://marc.info/?l=oss-security&m=127378789518426&w=2 MISC:http://secunia.com/secunia_research/2010-69/ CONFIRM:http://www.kde.org/info/security/advisory-20100513-1.txt FEDORA:FEDORA-2010-18029 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html FEDORA:FEDORA-2011-5211 URL:http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html MANDRIVA:MDVSA-2010:098 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:098 SUSE:SUSE-SR:2010:024 URL:http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html UBUNTU:USN-938-1 URL:http://www.ubuntu.com/usn/USN-938-1 BID:40141 URL:http://www.securityfocus.com/bid/40141 OSVDB:64690 URL:http://osvdb.org/64690 SECTRACK:1023984 URL:http://securitytracker.com/id?1023984 SECUNIA:39528 URL:http://secunia.com/advisories/39528 SECUNIA:39787 URL:http://secunia.com/advisories/39787 SECUNIA:42423 URL:http://secunia.com/advisories/42423 VUPEN:ADV-2010-1142 URL:http://www.vupen.com/english/advisories/2010/1142 VUPEN:ADV-2010-1144 URL:http://www.vupen.com/english/advisories/2010/1144 VUPEN:ADV-2010-3096 URL:http://www.vupen.com/english/advisories/2010/3096 VUPEN:ADV-2011-1101 URL:http://www.vupen.com/english/advisories/2011/1101 XF:kde-name-directory-traversal(58628) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/58628
Assigning CNA
N/A
Date Entry Created
20100318	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100318)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org