CVE-2010-1000

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
flexeraCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 85%
VendorProductVersion
kdekde_sc
4.0.0
kdekde_sc
4.0.0:alpha1
kdekde_sc
4.0.0:alpha2
kdekde_sc
4.0.0:beta1
kdekde_sc
4.0.0:beta2
kdekde_sc
4.0.0:beta3
kdekde_sc
4.0.0:beta4
kdekde_sc
4.0.0:rc1
kdekde_sc
4.0.0:rc2
kdekde_sc
4.0.1
kdekde_sc
4.0.2
kdekde_sc
4.0.3
kdekde_sc
4.0.4
kdekde_sc
4.0.5
kdekde_sc
4.1.0
kdekde_sc
4.1.0:alpha1
kdekde_sc
4.1.0:beta1
kdekde_sc
4.1.0:beta2
kdekde_sc
4.1.0:rc
kdekde_sc
4.1.1
kdekde_sc
4.1.2
kdekde_sc
4.1.3
kdekde_sc
4.1.4
kdekde_sc
4.1.80
kdekde_sc
4.1.85
kdekde_sc
4.1.96
kdekde_sc
4.2:beta2
kdekde_sc
4.2:rc
kdekde_sc
4.2.0
kdekde_sc
4.2.1
kdekde_sc
4.2.2
kdekde_sc
4.2.3
kdekde_sc
4.2.4
kdekde_sc
4.3.0
kdekde_sc
4.3.0:beta1
kdekde_sc
4.3.0:beta3
kdekde_sc
4.3.0:rc1
kdekde_sc
4.3.0:rc2
kdekde_sc
4.3.0:rc3
kdekde_sc
4.3.1
kdekde_sc
4.3.2
kdekde_sc
4.3.3
kdekde_sc
4.3.4
kdekde_sc
4.3.5
kdekde_sc
4.4.0
kdekde_sc
4.4.0:beta1
kdekde_sc
4.4.0:beta2
kdekde_sc
4.4.0:rc1
kdekde_sc
4.4.0:rc2
kdekde_sc
4.4.0:rc3
kdekde_sc
4.4.1
kdekde_sc
4.4.2
kdekde_sc
4.4.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kdenetwork
lucid
Fixed 4:4.4.2-0ubuntu4.1
released
karmic
Fixed 4:4.3.2-0ubuntu4.1
released
jaunty
Fixed 4:4.2.2-0ubuntu2.3
released
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64690
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/advisories/42423
http://secunia.com/secunia_research/2010-69/
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:098
http://www.securityfocus.com/archive/1/511281/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
http://www.vupen.com/english/advisories/2011/1101
https://exchange.xforce.ibmcloud.com/vulnerabilities/58628
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64690
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/advisories/42423
http://secunia.com/secunia_research/2010-69/
http://securitytracker.com/id?1023984
http://www.kde.org/info/security/advisory-20100513-1.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2010:098
http://www.securityfocus.com/archive/1/511281/100/0/threaded
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://www.securityfocus.com/bid/40141
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
http://www.vupen.com/english/advisories/2011/1101
https://exchange.xforce.ibmcloud.com/vulnerabilities/58628