CVE-2010-1000

Publication date 12 May 2010

Last updated 24 July 2024

Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kdenetwork	10.04 LTS lucid	Fixed 4:4.4.2-0ubuntu4.1
	9.10 karmic	Fixed 4:4.3.2-0ubuntu4.1
	9.04 jaunty	Fixed 4:4.2.2-0ubuntu2.3
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

overwrite of arbitrary files with permissions of user invoking the program. When combined with startup programs and sourced files can lead to arbitrary remote code execution.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-938-1
KDENetwork vulnerabilities
13 May 2010

Other references

http://kde.org/info/security/advisory-20100513-1.txt
https://www.cve.org/CVERecord?id=CVE-2010-1000