KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kget | Kde | 2.4.2 (including) | 2.4.2 (including) |
| Kdenetwork | Ubuntu | dapper | * |
| Kdenetwork | Ubuntu | hardy | * |
| Kdenetwork | Ubuntu | lucid | * |
References
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
- http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2
- http://osvdb.org/64689
- http://secunia.com/advisories/39528
- http://secunia.com/advisories/39787
- http://secunia.com/secunia_research/2010-70/
- http://securitytracker.com/id?1023984
- http://www.kde.org/info/security/advisory-20100513-1.txt
- http://www.securityfocus.com/archive/1/511279/100/0/threaded
- http://www.securityfocus.com/archive/1/511294/100/0/threaded
- http://www.securityfocus.com/bid/40141
- http://www.ubuntu.com/usn/USN-938-1
- http://www.vupen.com/english/advisories/2010/1142
- http://www.vupen.com/english/advisories/2010/1144
- http://www.vupen.com/english/advisories/2010/3096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58629
- http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
- http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2
- http://osvdb.org/64689
- http://secunia.com/advisories/39528
- http://secunia.com/advisories/39787
- http://secunia.com/secunia_research/2010-70/
- http://securitytracker.com/id?1023984
- http://www.kde.org/info/security/advisory-20100513-1.txt
- http://www.securityfocus.com/archive/1/511279/100/0/threaded
- http://www.securityfocus.com/archive/1/511294/100/0/threaded
- http://www.securityfocus.com/bid/40141
- http://www.ubuntu.com/usn/USN-938-1
- http://www.vupen.com/english/advisories/2010/1142
- http://www.vupen.com/english/advisories/2010/1144
- http://www.vupen.com/english/advisories/2010/3096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58629