Vulnerability Name: CVE-2010-1512 (CCN-58643)

Assigned: 2010-05-13
Published: 2010-05-13
Updated: 2018-10-10
Summary: Directory traversal vulnerability in aria2 before 1.9.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): None
  Availability (A): None

CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): None
  Integrity (I): Partial
  Availability (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): None
  Availability (A): None

Vulnerability Type: CWE-22
Vulnerability Consequences: Gain Access
References:

Source: CCN
Type: aria2 Web site
aria2

Source: MITRE
Type: CNA
CVE-2010-1512

Source: CONFIRM
Type: UNKNOWN
http://downloads.sourceforge.net/project/aria2/stable/aria2-1.9.3/NEWS

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-8905

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-8908

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-8915

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:014

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:017

Source: CCN
Type: SA39529
aria2 metalink name Directory Traversal Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39529

Source: SECUNIA
Type: UNKNOWN
39872

Source: SECUNIA
Type: UNKNOWN
42906

Source: CCN
Type: Secunia Research 13/05/2010
aria2 metalink "name" Directory Traversal Vulnerability

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2010-71/

Source: GENTOO
Type: UNKNOWN
GLSA-201101-04

Source: DEBIAN
Type: UNKNOWN
DSA-2047

Source: DEBIAN
Type: DSA-2047
aria2 -- insufficient input sanitising

Source: CCN
Type: GLSA-201101-04
aria2: Directory traversal

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:106

Source: OSVDB
Type: UNKNOWN
64592

Source: CCN
Type: OSVDB ID: 64592
aria2 metalink name Attribute Traversal Arbitrary File Creation

Source: BUGTRAQ
Type: UNKNOWN
20100513 Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability

Source: BID
Type: Patch
40142

Source: CCN
Type: BID-40142
aria2 Metalink File Handling Directory Traversal Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-1228

Source: VUPEN
Type: UNKNOWN
ADV-2010-1229

Source: VUPEN
Type: UNKNOWN
ADV-2011-0116

Source: XF
Type: UNKNOWN
aria2-name-directory-traversal(58643)

Source: SUSE
Type: SUSE-SR:2010:017
(java-1_4_2-ibm, sudo, libpng, php5, tgt, iscsitarget, aria2, pcsc-lite, tomcat5, tomcat6, lvm2, libvirt, rpm, libtiff, dovecot12)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:tatsuhiro_tsujikawa:aria2:0.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.2.1+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.2.1+2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.3.1+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.3.1+2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.5.0+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.5.0+2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.6.0+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.7.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.10.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.10.0+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.10.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.10.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.10.2+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.1+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.4:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.11.5:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.12.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.12.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.0+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.1+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.1+2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.13.2+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.14.0+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.1+1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.1+2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.15.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.16.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:0.16.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.5.0b+20090716:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.6.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.7.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.7.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.7.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.8.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.8.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.8.2:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.8.3:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.9.0:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:1.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:tatsuhiro_tsujikawa:aria2:*:*:*:*:*:*:*:* (Version <= 1.9.2)

  • * Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20101512 | V | CVE-2010-1512 | 2015-11-16
oval:org.mitre.oval:def:11620 | P | DSA-2047 aria2 -- insufficient input sanitising | 2014-06-23
oval:org.mitre.oval:def:12962 | P | DSA-2047-1 aria2 -- insufficient input sanitising | 2014-06-23
oval:com.ubuntu.precise:def:20101512000 | V | CVE-2010-1512 on Ubuntu 12.04 LTS (precise) - low. | 2010-05-17
oval:org.debian:def:2047 | V | insufficient input sanitising | 2010-05-17