CVE-2010-1511

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64689
http://secunia.com/advisories/39528	Vendor Advisory
http://secunia.com/advisories/39787	Vendor Advisory
http://secunia.com/secunia_research/2010-70/	Vendor Advisory
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt	Vendor Advisory
http://www.securityfocus.com/archive/1/511279/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1144	Vendor Advisory
http://www.vupen.com/english/advisories/2010/3096	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/58629

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:kde:kget:2.4.2:*:*:*:*:*:*:*

OR	cpe:2.3:a:kde:kde_sc:2.2.0:::::::*
	cpe:2.3:a:kde:kde_sc:3.5.10:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.0:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.0:alpha1::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:alpha2::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:beta1::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:beta2::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:beta3::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:beta4::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:rc1::::::
	cpe:2.3:a:kde:kde_sc:4.0.0:rc2::::::
	cpe:2.3:a:kde:kde_sc:4.0.1:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.2:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.3:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.4:::::::*
	cpe:2.3:a:kde:kde_sc:4.0.5:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.0:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.0:alpha1::::::
	cpe:2.3:a:kde:kde_sc:4.1.0:beta1::::::
	cpe:2.3:a:kde:kde_sc:4.1.0:beta2::::::
	cpe:2.3:a:kde:kde_sc:4.1.0:rc::::::
	cpe:2.3:a:kde:kde_sc:4.1.1:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.2:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.3:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.4:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.80:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.85:::::::*
	cpe:2.3:a:kde:kde_sc:4.1.96:::::::*
	cpe:2.3:a:kde:kde_sc:4.2:beta2::::::
	cpe:2.3:a:kde:kde_sc:4.2:rc::::::
	cpe:2.3:a:kde:kde_sc:4.2.0:::::::*
	cpe:2.3:a:kde:kde_sc:4.2.1:::::::*
	cpe:2.3:a:kde:kde_sc:4.2.2:::::::*
	cpe:2.3:a:kde:kde_sc:4.2.3:::::::*
	cpe:2.3:a:kde:kde_sc:4.2.4:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.0:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.0:beta1::::::
	cpe:2.3:a:kde:kde_sc:4.3.0:beta3::::::
	cpe:2.3:a:kde:kde_sc:4.3.0:rc1::::::
	cpe:2.3:a:kde:kde_sc:4.3.0:rc2::::::
	cpe:2.3:a:kde:kde_sc:4.3.0:rc3::::::
	cpe:2.3:a:kde:kde_sc:4.3.1:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.2:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.3:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.4:::::::*
	cpe:2.3:a:kde:kde_sc:4.3.5:::::::*
	cpe:2.3:a:kde:kde_sc:4.4.0:::::::*
	cpe:2.3:a:kde:kde_sc:4.4.0:beta1::::::
	cpe:2.3:a:kde:kde_sc:4.4.0:beta2::::::
	cpe:2.3:a:kde:kde_sc:4.4.0:rc1::::::
	cpe:2.3:a:kde:kde_sc:4.4.0:rc2::::::
	cpe:2.3:a:kde:kde_sc:4.4.0:rc3::::::
	cpe:2.3:a:kde:kde_sc:4.4.1:::::::*
	cpe:2.3:a:kde:kde_sc:4.4.2:::::::*
	cpe:2.3:a:kde:kde_sc:4.4.3:::::::*

History

No history.

Information

Published : 2010-05-17 21:00

Updated : 2018-10-10 19:57

NVD link : CVE-2010-1511

Mitre link : CVE-2010-1511

CVE.ORG link : CVE-2010-1511

JSON object : View

Products Affected

kde

kget
kde_sc

CWE

CWE-264

Permissions, Privileges, and Access Controls

6.4 /10