CVE-2010-1511 Information
Description
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Reference
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64689
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/secunia_research/2010-70/
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
http://www.securityfocus.com/archive/1/511279/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629