| Vulnerability Name: | CVE-2010-1511 (CCN-58629) |
| Assigned: | 2010-05-13 |
| Published: | 2010-05-13 |
| Updated: | 2018-10-10 |
| Summary: | KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
|
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)| Exploitability Metrics: | Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None | | Scope: | Scope (S): Unchanged
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Low
Availibility (A): None |
|
| CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:TF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None | | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial |
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:TF/RC:C)| Exploitability Metrics: | Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
| | Impact Metrics: | Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None |
|
| Vulnerability Type: | CWE-264
|
| Vulnerability Consequences: | File Manipulation |
| References: | Source: MITRE
Type: CNA
CVE-2010-1511
Source: FEDORA
Type: UNKNOWN
FEDORA-2010-18029
Source: MLIST
Type: UNKNOWN
[oss-security] 20100513 KDENetwork vulnerabilities
Source: OSVDB
Type: UNKNOWN
64689
Source: CCN
Type: SA39528
KDE KGet Insecure File Operation and Directory Traversal
Source: SECUNIA
Type: Vendor Advisory
39528
Source: SECUNIA
Type: Vendor Advisory
39787
Source: CCN
Type: Secunia Research 13/05/2010
KDE KGet Insecure File Operation Vulnerability
Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-70/
Source: CCN
Type: SECTRACK ID: 1023984
KDE KGet Contains File Overwrite and Directory Traversal Bugs
Source: SECTRACK
Type: UNKNOWN
1023984
Source: CCN
Type: KDE SVN Repository
The KDE Source Repository
Source: CCN
Type: KDE Web site
KDE - Latest News
Source: CONFIRM
Type: Vendor Advisory
http://www.kde.org/info/security/advisory-20100513-1.txt
Source: CCN
Type: OSVDB ID: 64689
KDE KGet Arbitrary Unacknowledged Download Arbitrary File Overwrite
Source: BUGTRAQ
Type: UNKNOWN
20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability
Source: BUGTRAQ
Type: UNKNOWN
20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability
Source: BID
Type: UNKNOWN
40141
Source: CCN
Type: BID-40141
KDE KGet Security Bypass and Directory Traversal Vulnerabilities
Source: UBUNTU
Type: UNKNOWN
USN-938-1
Source: VUPEN
Type: Vendor Advisory
ADV-2010-1142
Source: VUPEN
Type: Vendor Advisory
ADV-2010-1144
Source: VUPEN
Type: Vendor Advisory
ADV-2010-3096
Source: XF
Type: UNKNOWN
kde-metalink-file-overwrite(58629)
Source: XF
Type: UNKNOWN
kde-metalink-file-overwrite(58629)
|
| Vulnerable Configuration: | Configuration 1:
cpe:/a:kde:kget:2.4.2:*:*:*:*:*:*:*AND cpe:/a:kde:kde_sc:2.2.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:3.5.10:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:alpha1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:alpha2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:beta1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:beta2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:beta3:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:beta4:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:rc1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.0:rc2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.1:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.2:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.3:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.4:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.0.5:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.0:alpha1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.0:beta1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.0:beta2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.0:rc:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.1:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.2:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.3:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.4:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.80:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.85:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.1.96:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2:beta2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2:rc:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2.1:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2.2:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2.3:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.2.4:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:beta1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:beta3:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:rc1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:rc2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.0:rc3:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.1:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.2:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.3:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.4:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.3.5:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:beta1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:beta2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:rc1:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:rc2:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.0:rc3:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.1:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.2:*:*:*:*:*:*:*OR cpe:/a:kde:kde_sc:4.4.3:*:*:*:*:*:*:*
Configuration CCN 1:
cpe:/a:kde:kget:2.4.2:*:*:*:*:*:*:*AND cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:x86_64:*:*:*OR cpe:/o:mandriva:linux:2010:*:*:*:*:*:*:*
 Denotes that component is vulnerable |
| Oval Definitions |
|
| BACK |