SecuritySpace - CVE-2011-1586

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

CVE Kennung:	CVE-2011-1586
Beschreibung:	Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000.
Test Kennungen:	1.3.6.1.4.1.25623.1.0.70823 1.3.6.1.4.1.25623.1.0.122188 1.3.6.1.4.1.25623.1.0.840643
Querverweise:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1586 http://www.mandriva.com/security/advisories?name=MDVSA-2011:081 http://openwall.com/lists/oss-security/2011/04/15/9 RedHat Security Advisories: RHSA-2011:0465 http://www.redhat.com/support/errata/RHSA-2011-0465.html http://secunia.com/advisories/44124 http://secunia.com/advisories/44329 http://www.ubuntu.com/usn/usn-1114-1/ http://www.vupen.com/english/advisories/2011/1019 http://www.vupen.com/english/advisories/2011/1021 http://www.vupen.com/english/advisories/2011/1135 XForce ISS Database: kget-name-directory-traversal(66826) https://exchange.xforce.ibmcloud.com/vulnerabilities/66826