SNS Vulnerability

KDE KGet Metalink Files Processing Directory Traversal Vulnerability

Description

A vulnerability has been identified in KDE, which could be exploited to manipulate files. This issue is caused by an input validation error in KGet when processing metalink files, which could allow attackers to overwrite files via a directory traversal and execute arbitrary code by tricking a user into opening a malicious metalink file.

Vulnerable Products

Vulnerable Software:
KDE versions 4.x

Solution

Apply patch for KDE 4.4 : http://websvn.kde.org/?view=revision&revision=1227468Apply patch for KDE 4.5 : http://websvn.kde.org/?view=revision&revision=1227469

CVE

CVE-2011-1586

References

https://bugs.launchpad.net/ubuntu/+source/kdenetwork/+bug/757526

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
Misc : Directory traversal - parameter starting with ../	3.2.0
Directory traversal using ..\..	3.2.0
Directory traversal	3.2.0
Directory traversal backward root folder	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2011-04-19

Target Type

Client

Possible exploit

Local & Remote