CVE-2010-1000

Published: May 17, 2010Modified: Apr 29, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:P

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Affected (53)

Products: Kde: Kde Sc

1 product

Configuration A

53 vulnerable

Vulnerable Software	Affected Versions
Kde Kde Sc	Version 4.0.0
Kde Kde Sc	Version 4.0.0 alpha1
Kde Kde Sc	Version 4.0.0 alpha2
Kde Kde Sc	Version 4.0.0 beta1
Kde Kde Sc	Version 4.0.0 beta2
Kde Kde Sc	Version 4.0.0 beta3
Kde Kde Sc	Version 4.0.0 beta4
Kde Kde Sc	Version 4.0.0 rc1
Kde Kde Sc	Version 4.0.0 rc2
Kde Kde Sc	Version 4.0.1
Kde Kde Sc	Version 4.0.2
Kde Kde Sc	Version 4.0.3
Kde Kde Sc	Version 4.0.4
Kde Kde Sc	Version 4.0.5
Kde Kde Sc	Version 4.1.0
Kde Kde Sc	Version 4.1.0 alpha1
Kde Kde Sc	Version 4.1.0 beta1
Kde Kde Sc	Version 4.1.0 beta2
Kde Kde Sc	Version 4.1.0 rc
Kde Kde Sc	Version 4.1.1
Kde Kde Sc	Version 4.1.2
Kde Kde Sc	Version 4.1.3
Kde Kde Sc	Version 4.1.4
Kde Kde Sc	Version 4.1.80
Kde Kde Sc	Version 4.1.85
Kde Kde Sc	Version 4.1.96
Kde Kde Sc	Version 4.2.0
Kde Kde Sc	Version 4.2.1
Kde Kde Sc	Version 4.2.2
Kde Kde Sc	Version 4.2.3
Kde Kde Sc	Version 4.2.4
Kde Kde Sc	Version 4.2 beta2
Kde Kde Sc	Version 4.2 rc
Kde Kde Sc	Version 4.3.0
Kde Kde Sc	Version 4.3.0 beta1
Kde Kde Sc	Version 4.3.0 beta3
Kde Kde Sc	Version 4.3.0 rc1
Kde Kde Sc	Version 4.3.0 rc2
Kde Kde Sc	Version 4.3.0 rc3
Kde Kde Sc	Version 4.3.1
Kde Kde Sc	Version 4.3.2
Kde Kde Sc	Version 4.3.3
Kde Kde Sc	Version 4.3.4
Kde Kde Sc	Version 4.3.5
Kde Kde Sc	Version 4.4.0
Kde Kde Sc	Version 4.4.0 beta1
Kde Kde Sc	Version 4.4.0 beta2
Kde Kde Sc	Version 4.4.0 rc1
Kde Kde Sc	Version 4.4.0 rc2
Kde Kde Sc	Version 4.4.0 rc3
Kde Kde Sc	Version 4.4.1
Kde Kde Sc	Version 4.4.2
Kde Kde Sc	Version 4.4.3

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (42)

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html

Source: PSIRT-CNA@flexerasoftware.com

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Source: PSIRT-CNA@flexerasoftware.com

http://marc.info/?l=oss-security&m=127378789518426&w=2

Source: PSIRT-CNA@flexerasoftware.com

http://osvdb.org/64690

Source: PSIRT-CNA@flexerasoftware.com

http://secunia.com/advisories/39528

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/39787

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/advisories/42423

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://secunia.com/secunia_research/2010-69/

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://securitytracker.com/id?1023984

Source: PSIRT-CNA@flexerasoftware.com

http://www.kde.org/info/security/advisory-20100513-1.txt

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:098

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/511281/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/archive/1/511294/100/0/threaded

Source: PSIRT-CNA@flexerasoftware.com

http://www.securityfocus.com/bid/40141

Source: PSIRT-CNA@flexerasoftware.com

http://www.ubuntu.com/usn/USN-938-1

Source: PSIRT-CNA@flexerasoftware.com

http://www.vupen.com/english/advisories/2010/1142

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1144

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3096

Source: PSIRT-CNA@flexerasoftware.com

Vendor Advisory

http://www.vupen.com/english/advisories/2011/1101

Source: PSIRT-CNA@flexerasoftware.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/58628

Source: PSIRT-CNA@flexerasoftware.com

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=oss-security&m=127378789518426&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/64690

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/39528

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/39787

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/42423

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/secunia_research/2010-69/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1023984

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kde.org/info/security/advisory-20100513-1.txt

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2010:098

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/511281/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/511294/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/40141

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-938-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2010/1142

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/1144

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2010/3096

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2011/1101

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/58628

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.