CVE-2011-2725 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:P/I:P/A:P
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 67%

Vendor	Product	Version
kde	ark	𝑥 ≤ 2.17
kde	kde_sc	𝑥 ≤ 4.7.4
kde	kde_sc	4.7.0
kde	kde_sc	4.7.1
kde	kde_sc	4.7.2
kde	kde_sc	4.7.3
canonical	ubuntu_linux	10.04
canonical	ubuntu_linux	10.10
canonical	ubuntu_linux	11.04
canonical	ubuntu_linux	11.10
opensuse	opensuse	11.4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

kdeutils

oneiric	Fixed 4:4.7.1-0ubuntu3.1 released
natty	Fixed 4:4.6.5-0ubuntu1.2 released
maverick	Fixed 4:4.5.5-0ubuntu2.2 released
lucid	Fixed 4:4.4.5-0ubuntu1.2 released
hardy	ignored

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html

http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html

http://seclists.org/fulldisclosure/2011/Oct/351

http://www.ubuntu.com/usn/USN-1276-1

https://bugzilla.novell.com/show_bug.cgi?id=708268

https://bugzilla.redhat.com/show_bug.cgi?id=725764

http://lists.opensuse.org/opensuse-updates/2012-03/msg00002.html

http://packetstormsecurity.com/files/105610/Ark-2.16-Directory-Traversal.html

http://seclists.org/fulldisclosure/2011/Oct/351

http://www.ubuntu.com/usn/USN-1276-1

https://bugzilla.novell.com/show_bug.cgi?id=708268

https://bugzilla.redhat.com/show_bug.cgi?id=725764