Vulnerability-Lookup - Search a vulnerability

Vulnerabilites related to kde - kget

CVE-2010-1511 (GCVE-0-2010-1511)

Vulnerability from cvelistv5

Published

2010-05-17 20:42

Modified

2024-08-07 01:28

Severity ?

CWE

Summary

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

References

►

URL

Tags

	http://www.securityfocus.com/bid/40141	vdb-entry, x_refsource_BID
	http://www.ubuntu.com/usn/USN-938-1	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/archive/1/511279/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/511294/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://www.vupen.com/english/advisories/2010/1144	vdb-entry, x_refsource_VUPEN
	http://secunia.com/secunia_research/2010-70/	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilities/58629	vdb-entry, x_refsource_XF
	http://www.kde.org/info/security/advisory-20100513-1.txt	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2010/3096	vdb-entry, x_refsource_VUPEN
	http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html	vendor-advisory, x_refsource_FEDORA
	http://marc.info/?l=oss-security&m=127378789518426&w=2	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/39528	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2010/1142	vdb-entry, x_refsource_VUPEN
	http://securitytracker.com/id?1023984	vdb-entry, x_refsource_SECTRACK
	http://osvdb.org/64689	vdb-entry, x_refsource_OSVDB
	http://secunia.com/advisories/39787	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:28:41.483Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40141",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40141"
          },
          {
            "name": "USN-938-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-938-1"
          },
          {
            "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
          },
          {
            "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
          },
          {
            "name": "ADV-2010-1144",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1144"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2010-70/"
          },
          {
            "name": "kde-metalink-file-overwrite(58629)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
          },
          {
            "name": "ADV-2010-3096",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/3096"
          },
          {
            "name": "FEDORA-2010-18029",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
          },
          {
            "name": "[oss-security] 20100513 KDENetwork vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
          },
          {
            "name": "39528",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39528"
          },
          {
            "name": "ADV-2010-1142",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1142"
          },
          {
            "name": "1023984",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023984"
          },
          {
            "name": "64689",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64689"
          },
          {
            "name": "39787",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39787"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-05-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "40141",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40141"
        },
        {
          "name": "USN-938-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-938-1"
        },
        {
          "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
        },
        {
          "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
        },
        {
          "name": "ADV-2010-1144",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1144"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2010-70/"
        },
        {
          "name": "kde-metalink-file-overwrite(58629)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
        },
        {
          "name": "ADV-2010-3096",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/3096"
        },
        {
          "name": "FEDORA-2010-18029",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
        },
        {
          "name": "[oss-security] 20100513 KDENetwork vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
        },
        {
          "name": "39528",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39528"
        },
        {
          "name": "ADV-2010-1142",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1142"
        },
        {
          "name": "1023984",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023984"
        },
        {
          "name": "64689",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64689"
        },
        {
          "name": "39787",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39787"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2010-1511",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40141",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40141"
            },
            {
              "name": "USN-938-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-938-1"
            },
            {
              "name": "20100513 Secunia Research: KDE KGet Insecure File Operation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511279/100/0/threaded"
            },
            {
              "name": "20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511294/100/0/threaded"
            },
            {
              "name": "ADV-2010-1144",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1144"
            },
            {
              "name": "http://secunia.com/secunia_research/2010-70/",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2010-70/"
            },
            {
              "name": "kde-metalink-file-overwrite(58629)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58629"
            },
            {
              "name": "http://www.kde.org/info/security/advisory-20100513-1.txt",
              "refsource": "CONFIRM",
              "url": "http://www.kde.org/info/security/advisory-20100513-1.txt"
            },
            {
              "name": "ADV-2010-3096",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/3096"
            },
            {
              "name": "FEDORA-2010-18029",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html"
            },
            {
              "name": "[oss-security] 20100513 KDENetwork vulnerabilities",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=oss-security\u0026m=127378789518426\u0026w=2"
            },
            {
              "name": "39528",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39528"
            },
            {
              "name": "ADV-2010-1142",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1142"
            },
            {
              "name": "1023984",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023984"
            },
            {
              "name": "64689",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64689"
            },
            {
              "name": "39787",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39787"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2010-1511",
    "datePublished": "2010-05-17T20:42:00",
    "dateReserved": "2010-04-26T00:00:00",
    "dateUpdated": "2024-08-07T01:28:41.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd