386295 – <kde-base/kget-4.6.2-r1: directory traversal vulnerability (CVE-2011-1586)

Bug 386295 - <kde-base/kget-4.6.2-r1: directory traversal vulnerability (CVE-2011-1586)

Summary: <kde-base/kget-4.6.2-r1: directory traversal vulnerability (CVE-2011-1586)

Status:	RESOLVED DUPLICATE of bug 363881

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2011-10-08 13:39 UTC by GLSAMaker/CVETool Bot
Modified:	2012-03-10 23:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description GLSAMaker/CVETool Bot gentoo-dev

2011-10-08 13:39:52 UTC

CVE-2011-1586 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1586):
  Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr
  function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and
  earlier allows remote attackers to create arbitrary files via a .. (dot dot)
  in the name attribute of a file element in a metalink file.  NOTE: this
  vulnerability exists because of an incomplete fix for CVE-2010-1000.

Comment 1 Andreas K. Hüttel archtester

2011-10-16 11:14:35 UTC

No vulnerable versions in the tree anymore, nothing left to do for kde.

Comment 2 Sean Amoss (RETIRED) gentoo-dev

2012-03-10 23:06:48 UTC

Added to existing GLSA request

*** This bug has been marked as a duplicate of bug 363881 ***