Lucene search
UbuntuUSN-1114-1HistoryApr 18, 2011 - 12:00 a.m.
KDENetwork vulnerability
2011-04-1800:00:00
ubuntu.com
39
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
76.3%
Releases
- Ubuntu 10.10
- Ubuntu 10.04
- Ubuntu 9.10
Packages
- kdenetwork - networking applications for KDE 4
Details
It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.10 | noarch | kget | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kde-zeroconf | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kdenetwork-dbg | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kdenetwork-filesharing | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kopete | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | kppp | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krdc | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | krfb | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libkopete-dev | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
| Ubuntu | 9.10 | noarch | libkopete4 | < 4:4.3.2-0ubuntu4.5 | UNKNOWN |
References
Related
nessus
nessus
Scientific Linux Security Update : kdenetwork on SL6.x i386/x86_64
2012-08-01 00:00:00
Ubuntu 9.10 / 10.04 LTS / 10.10 : kdenetwork vulnerability (USN-1114-1)
2011-06-13 00:00:00
Mandriva Linux Security Advisory : kdenetwork4 (MDVSA-2011:081)
2011-05-03 00:00:00
redhat
redhat
(RHSA-2011:0465) Important: kdenetwork security update
2011-04-21 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1114-1)
2011-05-10 00:00:00
Ubuntu Update for kdenetwork USN-1114-1
2011-05-10 00:00:00
Mandriva Update for kdenetwork4 MDVSA-2011:081 (kdenetwork4)
2011-05-06 00:00:00
securityvulns
securityvulns
[USN-1114-1] KDENetwork vulnerability
2011-04-19 00:00:00
KDE KGet directory traversal
2011-04-19 00:00:00
veracode
veracode
Directory Traversal
2020-04-10 01:01:43
ubuntucve
ubuntucve
CVE-2011-1586
2011-04-18 00:00:00
prion
prion
Directory traversal
2011-04-27 00:55:00
oraclelinux
oraclelinux
kdenetwork security update
2011-04-21 00:00:00
cvelist
cvelist
CVE-2011-1586
2011-04-27 00:00:00
cve
cve
CVE-2011-1586
2011-04-27 00:55:04
nvd
nvd
CVE-2011-1586
2011-04-27 00:55:04
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P
AI Score
6.9
Confidence
Low
EPSS
0.005
Percentile
76.3%
Related for USN-1114-1