5.8

CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
KdeKde Sc Version4.0.0
KdeKde Sc Version4.0.0 Updatealpha1
KdeKde Sc Version4.0.0 Updatealpha2
KdeKde Sc Version4.0.0 Updatebeta1
KdeKde Sc Version4.0.0 Updatebeta2
KdeKde Sc Version4.0.0 Updatebeta3
KdeKde Sc Version4.0.0 Updatebeta4
KdeKde Sc Version4.0.0 Updaterc1
KdeKde Sc Version4.0.0 Updaterc2
KdeKde Sc Version4.0.1
KdeKde Sc Version4.0.2
KdeKde Sc Version4.0.3
KdeKde Sc Version4.0.4
KdeKde Sc Version4.0.5
KdeKde Sc Version4.1.0
KdeKde Sc Version4.1.0 Updatealpha1
KdeKde Sc Version4.1.0 Updatebeta1
KdeKde Sc Version4.1.0 Updatebeta2
KdeKde Sc Version4.1.0 Updaterc
KdeKde Sc Version4.1.1
KdeKde Sc Version4.1.2
KdeKde Sc Version4.1.3
KdeKde Sc Version4.1.4
KdeKde Sc Version4.1.80
KdeKde Sc Version4.1.85
KdeKde Sc Version4.1.96
KdeKde Sc Version4.2 Updatebeta2
KdeKde Sc Version4.2 Updaterc
KdeKde Sc Version4.2.0
KdeKde Sc Version4.2.1
KdeKde Sc Version4.2.2
KdeKde Sc Version4.2.3
KdeKde Sc Version4.2.4
KdeKde Sc Version4.3.0
KdeKde Sc Version4.3.0 Updatebeta1
KdeKde Sc Version4.3.0 Updatebeta3
KdeKde Sc Version4.3.0 Updaterc1
KdeKde Sc Version4.3.0 Updaterc2
KdeKde Sc Version4.3.0 Updaterc3
KdeKde Sc Version4.3.1
KdeKde Sc Version4.3.2
KdeKde Sc Version4.3.3
KdeKde Sc Version4.3.4
KdeKde Sc Version4.3.5
KdeKde Sc Version4.4.0
KdeKde Sc Version4.4.0 Updatebeta1
KdeKde Sc Version4.4.0 Updatebeta2
KdeKde Sc Version4.4.0 Updaterc1
KdeKde Sc Version4.4.0 Updaterc2
KdeKde Sc Version4.4.0 Updaterc3
KdeKde Sc Version4.4.1
KdeKde Sc Version4.4.2
KdeKde Sc Version4.4.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.85% 0.888
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:N/I:P/A:P
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64690
http://secunia.com/advisories/39528
Vendor Advisory
http://secunia.com/advisories/39787
Vendor Advisory
http://secunia.com/advisories/42423
Vendor Advisory
http://secunia.com/secunia_research/2010-69/
Vendor Advisory
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:098
http://www.securityfocus.com/archive/1/511281/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1144
Vendor Advisory
http://www.vupen.com/english/advisories/2010/3096
Vendor Advisory
http://www.vupen.com/english/advisories/2011/1101
https://exchange.xforce.ibmcloud.com/vulnerabilities/58628