CVE-2010-1511

high

Description

KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request download confirmation from the user, which makes it easier for remote attackers to overwrite arbitrary files via a crafted metalink file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/58629

http://www.vupen.com/english/advisories/2010/3096

http://www.vupen.com/english/advisories/2010/1144

http://www.vupen.com/english/advisories/2010/1142

http://www.ubuntu.com/usn/USN-938-1

http://www.securityfocus.com/bid/40141

http://www.securityfocus.com/archive/1/511294/100/0/threaded

http://www.securityfocus.com/archive/1/511279/100/0/threaded

http://www.kde.org/info/security/advisory-20100513-1.txt

http://securitytracker.com/id?1023984

http://secunia.com/secunia_research/2010-70/

http://secunia.com/advisories/39787

http://secunia.com/advisories/39528

http://osvdb.org/64689

http://marc.info/?l=oss-security&m=127378789518426&w=2

http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html

Details

Source: Mitre, NVD

Published: 2010-05-17

Updated: 2018-10-10

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

Detections

Analytics