‘KDE KGet metalink ‘name’ Directory Traversal Vulnerability’

Summary

‘A vulnerability was discovered in KDE, which can be exploited by malicious people to compromise a user’s system.’

Credit:

‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-69/


Details

Vulnerable Systems:
 * KDE 4.4.2 (KGet 2.4.2)

The vulnerability is caused due to KGet not properly sanitising the ‘name’ attribute of the ‘file’ element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks.

Patch Availability:
Apply patches for the 4.3 and 4.4 branches committed to the KDE Subversion repository.

CVE Information:
CVE-2010-1000

Disclosure Timeline:
30/04/2010 – Vendor notified.
02/05/2010 – Vendor response.
13/05/2010 – Public disclosure.’

Categories: UNIX