CVE-2016-6232

Related Files

Ubuntu Security Notice USN-4100-1

Posted Aug 19, 2019

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-6232, CVE-2019-14744

SHA-256 | 94d50b13c51638daf9db02d19ba31bdcae667c02371857be73dd9cdd16b2bfb4

Download | Favorite | View

Debian Security Advisory 3643-1

Posted Aug 7, 2016

Authored by Debian | Site debian.org

Debian Linux Security Advisory 3643-1 - Andreas Cord-Landwehr discovered that kde4libs, the core libraries for all KDE 4 applications, do not properly handle the extraction of archives with "../" in the file paths. A remote attacker can take advantage of this flaw to overwrite files outside of the extraction folder, if a user is tricked into extracting a specially crafted archive.

tags | advisory, remote

systems | linux, debian

advisories | CVE-2016-6232

SHA-256 | 1a422b9171b9b97d6f54f2f24d9ac352542725ab10a25b57aceca0e4e76ae95b

Download | Favorite | View

Ubuntu Security Notice USN-3042-1

Posted Jul 27, 2016

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3042-1 - Andreas Cord-Landwehr discovered that KDE-Libs incorrectly handled extracting certain archives. If a user were tricked into extracting a specially-crafted archive, a remote attacker could use this issue to overwrite arbitrary files out of the extraction directory.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2016-6232

SHA-256 | 5f7cf77b7f5501688cb173a4207132ce4d544206d68f7befd58ae819acd5d38b

Download | Favorite | View