First published: Wed May 12 2010
Secunia Research reported a flaw in KDE KGet that a malicious attacker can use to potentially compromise a user's system. The "name" attribute of the "file" element in metalink files is not properly sanitized before being used to download files. If a user were tricked into downloading a specially crafted metalink file, it could be used to download files to directories outside of the intended download directory via directory traversal flaws. KGet starts downloading files in the background even before the user confirms whether they want the particular file downloaded, which could lead to KGet silently overwriting existing files with the same name.

This flaw has been assigned the name [CVE-2010-1000](https://access.redhat.com/security/cve/CVE-2010-1000). It only affects KGet in KDE 4.x and does not affect earlier versions. Only Red Hat Enterprise Linux 6 and Fedora would be affected.
Affected Software | Affected Version | How to fix |
---|---|---|
Krzysztof Kozlowski Konwert | >=4.0 | |
The severity of REDHAT-BUG-591631 is considered high due to the potential for remote compromise of a user's system.
To fix REDHAT-BUG-591631, ensure that you update KDE KGet to a patched version that sanitizes the 'name' attribute properly.
KDE KGet version 4.0 and above is affected by REDHAT-BUG-591631.
The vulnerability in REDHAT-BUG-591631 involves improper sanitization of the 'name' attribute in metalink files.
Yes, exploitation of REDHAT-BUG-591631 could potentially allow a malicious attacker to compromise and access sensitive user data.
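The kind of containment check the "name" attribute needs before any download starts, as an added example that is not KGet's actual patch or code from this advisory. The function names, the sample metalink document and the download directory `/home/user/Downloads` are assumptions made for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample metalink; names and URLs are made up for this example.
SAMPLE_METALINK = """<metalink>
  <files>
    <file name="kde/readme.txt"><resources><url>http://example.invalid/a</url></resources></file>
    <file name="../../outside.txt"><resources><url>http://example.invalid/b</url></resources></file>
    <file name="/tmp/absolute.txt"><resources><url>http://example.invalid/c</url></resources></file>
    <file name="docs/../../escape.txt"><resources><url>http://example.invalid/d</url></resources></file>
  </files>
</metalink>"""


def safe_target(download_dir, name):
    """Return the destination path for `name`, or None if it leaves download_dir.

    Lexical check only: it does not resolve symlinks inside download_dir.
    download_dir is assumed to be an absolute POSIX path.
    """
    # Conservative rejects: empty names, NUL bytes, backslashes, absolute paths.
    if not name or "\x00" in name or "\\" in name or name.startswith("/"):
        return None
    base = posixpath.normpath(download_dir)
    target = posixpath.normpath(posixpath.join(base, name))
    # Reject anything that normalizes to the directory itself or outside it.
    # commonpath compares whole path components, so a sibling directory such as
    # "Downloads-other" is not mistaken for a child of "Downloads".
    if target == base or posixpath.commonpath([base, target]) != base:
        return None
    return target


def audit_metalink(xml_text, download_dir):
    """Return (name, destination-or-None) for every <file> element."""
    results = []
    for element in ET.fromstring(xml_text).iter():
        # Compare the local tag name so namespaced documents are handled too.
        if element.tag.rsplit("}", 1)[-1] == "file":
            name = element.get("name", "")
            results.append((name, safe_target(download_dir, name)))
    return results


if __name__ == "__main__":
    for name, dest in audit_metalink(SAMPLE_METALINK, "/home/user/Downloads"):
        print(f"{name!r:28} -> {dest or 'REJECTED'}")
```

The check must run before any transfer is queued, since the advisory notes that KGet began downloading before the user confirmed.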