CVE-2011-1586

Related Files

Mandriva Linux Security Advisory 2011-081

Posted May 2, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-081 - Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a dot dot in the name attribute of a file element in a metalink file.

tags | advisory, remote, arbitrary

systems | linux, mandriva

advisories | CVE-2011-1586

SHA-256 | fc127713d8ef1e9a75c6a5226437ea6403cc42a9d2d302d3f21f67e296f07e1a

Download | Favorite | View

Ubuntu Security Notice USN-1114-1

Posted Apr 19, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1114-1 - It was discovered that KGet did not properly perform input validation when processing metalink files. If a user were tricked into opening a crafted metalink file, a remote attacker could overwrite files via directory traversal, which could eventually lead to arbitrary code execution.

tags | advisory, remote, arbitrary, code execution

systems | linux, ubuntu

advisories | CVE-2011-1586

SHA-256 | 199469c643b5e4c304c02c3d9fc6e2fb4d3cadbdda2742ae7e4a442ce97d9f12

Download | Favorite | View