Vulnerability CVE-2011-2725

Vulnerability Name:

CVE-2011-2725 (CCN-95702)

Assigned:

2011-10-07

Published:

2011-10-07

Updated:

2018-10-30

Summary:

Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip file.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
4.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2011-2725

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2012:0322

Source: MISC
Type: Exploit
http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html

Source: CCN
Type: Full Disclosure Mailing List, Fri, 7 Oct 2011 10:32:53 +0100
Medium severity flaw with Ark

Source: FULLDISC
Type: UNKNOWN
20111007 Medium severity flaw with Ark

Source: CCN
Type: Ark Project Web site
Ark

Source: UBUNTU
Type: UNKNOWN
USN-1276-1

Source: MISC
Type: UNKNOWN
https://bugzilla.novell.com/show_bug.cgi?id=708268

Source: CCN
Type: Red Hat Bugzilla Bug 725764
(CVE-2011-2725) CVE-2011-2725 kdeutils: Ark path traversal

Source: CONFIRM
Type: Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=725764

Source: XF
Type: UNKNOWN
ark-cve20112725-dir-trav(95702)

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2011-2725

Vulnerable Configuration:

Configuration 1:

cpe:/a:kde:ark:*:*:*:*:*:*:*:* (Version <= 2.17)

OR cpe:/a:kde:kde_sc:4.7.0:*:*:*:*:*:*:*

OR cpe:/a:kde:kde_sc:4.7.1:*:*:*:*:*:*:*

OR cpe:/a:kde:kde_sc:4.7.2:*:*:*:*:*:*:*

OR cpe:/a:kde:kde_sc:4.7.3:*:*:*:*:*:*:*

OR cpe:/a:kde:kde_sc:*:*:*:*:*:*:*:* (Version <= 4.7.4)

Configuration 2:

cpe:/o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

OR cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20112725	V	CVE-2011-2725	2022-05-20
oval:org.opensuse.security:def:42275	P	Security update for aide (Important)	2022-01-21
oval:org.opensuse.security:def:31336	P	Security update for chrony (Moderate)	2021-12-22
oval:org.opensuse.security:def:31335	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:33751	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33051	P	Security update for ruby2.1 (Important)	2021-12-01
oval:org.opensuse.security:def:32228	P	Security update for java-1_7_0-openjdk (Important)	2021-11-24
oval:org.opensuse.security:def:32220	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-11-19
oval:org.opensuse.security:def:31702	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26150	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:26136	P	Security update for gd (Moderate)	2021-09-23
oval:org.opensuse.security:def:33012	P	Security update for xen (Important)	2021-09-23
oval:org.opensuse.security:def:32995	P	Security update for file (Important)	2021-09-02
oval:org.opensuse.security:def:29413	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:32984	P	Security update for python-PyYAML (Important)	2021-08-24
oval:org.opensuse.security:def:32983	P	Security update for cpio (Important)	2021-08-23
oval:org.opensuse.security:def:32164	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:34497	P	Security update for java-11-openjdk (Important)	2021-08-05
oval:org.opensuse.security:def:26097	P	Security update for lasso (Important)	2021-08-02
oval:org.opensuse.security:def:32155	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:32152	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-07-27
oval:org.opensuse.security:def:32968	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:32140	P	Security update for MozillaFirefox (Important)	2021-07-16
oval:org.opensuse.security:def:31645	P	Security update for ovmf (Important)	2021-06-22
oval:org.opensuse.security:def:31640	P	Security update for java-1_8_0-openjdk (Moderate)	2021-06-15
oval:org.opensuse.security:def:42495	P	ark-4.3.5-0.3.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36088	P	ark-4.3.5-0.3.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:32111	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:33663	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:26063	P	Security update for dhcp (Important)	2021-06-01
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:32089	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:33645	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:32901	P	Security update for ImageMagick (Moderate)	2021-04-20
oval:org.opensuse.security:def:26214	P	Security update for wavpack (Important)	2021-03-24
oval:org.opensuse.security:def:32269	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:33775	P	Security update for python-cryptography (Important)	2021-03-02
oval:org.opensuse.security:def:31347	P	Security update for java-1_8_0-ibm (Important)	2021-02-26
oval:org.opensuse.security:def:26194	P	Security update for java-1_7_1-ibm (Important)	2021-02-18
oval:org.opensuse.security:def:33074	P	Security update for jasper (Important)	2021-02-16
oval:org.opensuse.security:def:33712	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:32141	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:28919	P	Security update for ImageMagick (Important)	2021-01-22
oval:org.opensuse.security:def:32924	P	Security update for perl-Convert-ASN1 (Moderate)	2021-01-19
oval:org.opensuse.security:def:34457	P	Security update for java-1_7_1-ibm (Moderate)	2021-01-04
oval:org.opensuse.security:def:28875	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:25979	P	Security update for xen (Moderate)	2020-12-18
oval:org.opensuse.security:def:31566	P	Security update for python (Important)	2020-12-11
oval:org.opensuse.security:def:32008	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:28858	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:35868	P	ark-4.3.5-0.3.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32001	P	Security update for python3 (Important)	2020-12-02
oval:org.opensuse.security:def:28985	P	Security update for wireshark (Low)	2020-12-01
oval:org.opensuse.security:def:29328	P	Security update for compat-openssl097g (Important)	2020-12-01
oval:org.opensuse.security:def:29669	P	Security update for dhcp (Moderate)	2020-12-01
oval:org.opensuse.security:def:30408	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31554	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31772	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32330	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:32600	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33361	P	Security update for openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26867	P	ark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25430	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25760	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:26832	P	tftp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25638	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25922	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26267	P	Security update for xawtv (Moderate)	2020-12-01
oval:org.opensuse.security:def:26413	P	Security update for go1.8 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28130	P	Security update for icu (Important)	2020-12-01
oval:org.opensuse.security:def:28338	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28716	P	Security update for java-1_7_0-openjdk (Critical)	2020-12-01
oval:org.opensuse.security:def:29054	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29708	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:32832	P	ark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32050	P	Security update for kvm (Moderate)	2020-12-01
oval:org.opensuse.security:def:32793	P	system-config-printer on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31555	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31864	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32374	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32362	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:32756	P	openslp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33449	P	Security update for glibc	2020-12-01
oval:org.opensuse.security:def:25494	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27086	P	ark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25649	P	Security update for libcdio (Low)	2020-12-01
oval:org.opensuse.security:def:26316	P	Recommended update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:27051	P	vte on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:28131	P	Security update for imlib2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28423	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:28770	P	Security update for libssh2_org	2020-12-01
oval:org.opensuse.security:def:28973	P	Security update for rpcbind (Moderate)	2020-12-01
oval:org.opensuse.security:def:29185	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:29566	P	Security update for OpenEXR (Moderate)	2020-12-01
oval:org.opensuse.security:def:29726	P	Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (Important)	2020-12-01
oval:org.opensuse.security:def:31421	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:31789	P	Security update for MozillaFirefox (Moderate)	2020-12-01
oval:org.opensuse.security:def:31921	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:32456	P	Security update for xorg-x11-libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32813	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33209	P	mutt on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33606	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25418	P	Security update for raptor (Important)	2020-12-01
oval:org.opensuse.security:def:25622	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:25995	P	Security update for mariadb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25713	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26355	P	Security update for erlang (Moderate)	2020-12-01
oval:org.opensuse.security:def:29593	P	Security update for ark	2020-12-01
oval:org.opensuse.security:def:28142	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:28480	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:28819	P	Security update for python	2020-12-01
oval:org.opensuse.security:def:29557	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:28974	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:29271	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:29620	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:29770	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:31553	P	Security update for sqlite3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31945	P	Security update for gnutls (Important)	2020-12-01
oval:org.opensuse.security:def:32308	P	Security update for python-numpy (Important)	2020-12-01
oval:org.opensuse.security:def:32513	P	freetype2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32862	P	freeradius-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33304	P	xterm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33819	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25419	P	Security update for kernel-firmware (Important)	2020-12-01
oval:org.opensuse.security:def:25703	P	Security update for squid (Moderate)	2020-12-01
oval:org.opensuse.security:def:25637	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25841	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26369	P	Security update for Chromium (Important)	2020-12-01
oval:org.opensuse.security:def:28208	P	Security update for libmspack (Moderate)	2020-12-01
oval:org.opensuse.security:def:28564	P	Security update for OpenJDK 1.6	2020-12-01
oval:org.opensuse.security:def:30445	P	Security update for ark	2020-12-01
oval:org.mitre.oval:def:15014	P	USN-1276-1 -- KDE Utilities vulnerability	2014-06-30

BACK