Bug 591631 (CVE-2010-1000, CVE-2010-1511)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary | CVE-2010-1000 CVE-2010-1511 kdenetwork: improper sanitization of metalink attribute for downloading files | | |
| Product | [Other] Security Response | Reporter | Vincent Danen <vdanen> |
| Component | vulnerability | Assignee | Red Hat Product Security <security-response-team> |
| Status | CLOSED ERRATA | QA Contact | |
| Severity | high | Docs Contact | |
| Priority | high | | |
| Version | unspecified | CC | jreznik, ltinkl, rcvalle, security-response-team, than |
| Target Milestone | --- | Keywords | Security |
| Target Release | --- | | |
| Hardware | All | | |
| OS | Linux | | |
| Whiteboard | | | |
| Fixed In Version | | Doc Type | Bug Fix |
| Doc Text | | Story Points | --- |
| Clone Of | | Environment | |
| Last Closed | 2011-04-15 16:59:19 UTC | Type | --- |
| Regression | --- | Mount Type | --- |
| Documentation | --- | CRM | |
| Verified Versions | | Category | --- |
| oVirt Team | --- | RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- | Target Upstream Version | |
| Embargoed | | | |
| Bug Depends On | 591966, 591967 | | |
| Bug Blocks | | | |
Description
Vincent Danen
2010-05-12 17:54:25 UTC
This is now public via Ubuntu's advisory (USN-938-1):

http://lists.grok.org.uk/pipermail/full-disclosure/2010-May/074535.html

I don't see anything from upstream, however.

Hi Vincent, yes it's public now - http://kde.org/info/security/advisory-20100513-1.txt.

Upstream's advisory: http://www.kde.org/info/security/advisory-20100513-1.txt

It also notes CVE-2010-1511, so they've further split the problem as noted in the description into two issues. Quoting the upstream advisory:

1) The "name" attribute of the "file" element of metalink files is not properly sanitized before being used to download files. If a user is tricked into downloading from a specially-crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks. (CVE-2010-1000)

2) In some versions of KGet (2.4.2) a dialog box is displayed allowing the user to choose the file to download out of the options offered by the metalink file. However, KGet will simply go ahead and start the download after some time - even without prior acknowledgment of the user, and overwriting already-existing files of the same name. (CVE-2010-1511)

The vulnerabilities were reported by and the above text provided by Stefan Cornelius of Secunia Research.

Created kdenetwork tracking bugs for this issue

Affects: fedora-all [bug 591966]

kde-l10n-4.4.3-1.fc13,kdeaccessibility-4.4.3-1.fc13.1,kdeadmin-4.4.3-1.fc13.1,kdeartwork-4.4.3-1.fc13.1,kdebase-4.4.3-2.fc13.1,kdebase-runtime-4.4.3-1.fc13.1,kdebase-workspace-4.4.3-1.fc13.1,kdebindings-4.4.3-1.fc13.1,kdeedu-4.4.3-1.fc13.1,kdegames-4.4.3-1.fc13.1,kdegraphics-4.4.3-1.fc13.1,kdelibs-4.4.3-2.fc13,kdemultimedia-4.4.3-1.fc13.1,kdenetwork-4.4.3-3.fc13,kdepim-4.4.3-1.fc13.1,kdepim-runtime-4.4.3-1.fc13.1,kdepimlibs-4.4.3-1.fc13.1,kdeplasma-addons-4.4.3-1.fc13.1,kdesdk-4.4.3-1.fc13.1,kdetoys-4.4.3-1.fc13.1,kdeutils-4.4.3-1.fc13.1,oxygen-icon-theme-4.4.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/kde-l10n-4.4.3-1.fc13,kdeaccessibility-4.4.3-1.fc13.1,kdeadmin-4.4.3-1.fc13.1,kdeartwork-4.4.3-1.fc13.1,kdebase-4.4.3-2.fc13.1,kdebase-runtime-4.4.3-1.fc13.1,kdebase-workspace-4.4.3-1.fc13.1,kdebindings-4.4.3-1.fc13.1,kdeedu-4.4.3-1.fc13.1,kdegames-4.4.3-1.fc13.1,kdegraphics-4.4.3-1.fc13.1,kdelibs-4.4.3-2.fc13,kdemultimedia-4.4.3-1.fc13.1,kdenetwork-4.4.3-3.fc13,kdepim-4.4.3-1.fc13.1,kdepim-runtime-4.4.3-1.fc13.1,kdepimlibs-4.4.3-1.fc13.1,kdeplasma-addons-4.4.3-1.fc13.1,kdesdk-4.4.3-1.fc13.1,kdetoys-4.4.3-1.fc13.1,kdeutils-4.4.3-1.fc13.1,oxygen-icon-theme-4.4.3-1.fc13

kde-l10n-4.4.3-1.fc12,kdeaccessibility-4.4.3-1.fc12.1,kdeadmin-4.4.3-1.fc12.1,kdeartwork-4.4.3-1.fc12.1,kdebase-4.4.3-2.fc12.1,kdebase-runtime-4.4.3-1.fc12.1,kdebase-workspace-4.4.3-1.fc12.1,kdebindings-4.4.3-1.fc12.1,kdeedu-4.4.3-1.fc12.1,kdegames-4.4.3-1.fc12.1,kdegraphics-4.4.3-1.fc12.1,kdelibs-4.4.3-2.fc12,kdemultimedia-4.4.3-1.fc12.1,kdenetwork-4.4.3-3.fc12,kdepim-4.4.3-1.fc12.1,kdepim-runtime-4.4.3-1.fc12.1,kdepimlibs-4.4.3-1.fc12.1,kdeplasma-addons-4.4.3-1.fc12.1,kdesdk-4.4.3-1.fc12.1,kdetoys-4.4.3-1.fc12.1,kdeutils-4.4.3-1.fc12.1,oxygen-icon-theme-4.4.3-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/kde-l10n-4.4.3-1.fc12,kdeaccessibility-4.4.3-1.fc12.1,kdeadmin-4.4.3-1.fc12.1,kdeartwork-4.4.3-1.fc12.1,kdebase-4.4.3-2.fc12.1,kdebase-runtime-4.4.3-1.fc12.1,kdebase-workspace-4.4.3-1.fc12.1,kdebindings-4.4.3-1.fc12.1,kdeedu-4.4.3-1.fc12.1,kdegames-4.4.3-1.fc12.1,kdegraphics-4.4.3-1.fc12.1,kdelibs-4.4.3-2.fc12,kdemultimedia-4.4.3-1.fc12.1,kdenetwork-4.4.3-3.fc12,kdepim-4.4.3-1.fc12.1,kdepim-runtime-4.4.3-1.fc12.1,kdepimlibs-4.4.3-1.fc12.1,kdeplasma-addons-4.4.3-1.fc12.1,kdesdk-4.4.3-1.fc12.1,kdetoys-4.4.3-1.fc12.1,kdeutils-4.4.3-1.fc12.1,oxygen-icon-theme-4.4.3-1.fc12

kde-l10n-4.4.3-1.fc11,kdeaccessibility-4.4.3-1.fc11.1,kdeadmin-4.4.3-1.fc11.1,kdeartwork-4.4.3-1.fc11.1,kdebase-4.4.3-2.fc11.1,kdebase-runtime-4.4.3-1.fc11.1,kdebase-workspace-4.4.3-1.fc11.1,kdebindings-4.4.3-1.fc11.1,kdeedu-4.4.3-1.fc11.1,kdegames-4.4.3-1.fc11.1,kdegraphics-4.4.3-1.fc11.1,kdelibs-4.4.3-2.fc11,kdemultimedia-4.4.3-1.fc11.1,kdenetwork-4.4.3-3.fc11,kdepim-4.4.3-1.fc11.1,kdepim-runtime-4.4.3-1.fc11.1,kdepimlibs-4.4.3-1.fc11.1,kdeplasma-addons-4.4.3-1.fc11.1,kdesdk-4.4.3-1.fc11.1,kdetoys-4.4.3-1.fc11.1,kdeutils-4.4.3-1.fc11.1,oxygen-icon-theme-4.4.3-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/kde-l10n-4.4.3-1.fc11,kdeaccessibility-4.4.3-1.fc11.1,kdeadmin-4.4.3-1.fc11.1,kdeartwork-4.4.3-1.fc11.1,kdebase-4.4.3-2.fc11.1,kdebase-runtime-4.4.3-1.fc11.1,kdebase-workspace-4.4.3-1.fc11.1,kdebindings-4.4.3-1.fc11.1,kdeedu-4.4.3-1.fc11.1,kdegames-4.4.3-1.fc11.1,kdegraphics-4.4.3-1.fc11.1,kdelibs-4.4.3-2.fc11,kdemultimedia-4.4.3-1.fc11.1,kdenetwork-4.4.3-3.fc11,kdepim-4.4.3-1.fc11.1,kdepim-runtime-4.4.3-1.fc11.1,kdepimlibs-4.4.3-1.fc11.1,kdeplasma-addons-4.4.3-1.fc11.1,kdesdk-4.4.3-1.fc11.1,kdetoys-4.4.3-1.fc11.1,kdeutils-4.4.3-1.fc11.1,oxygen-icon-theme-4.4.3-1.fc11

kde-l10n-4.4.3-1.fc12, kdeaccessibility-4.4.3-1.fc12.1, kdeadmin-4.4.3-1.fc12.1, kdeartwork-4.4.3-1.fc12.1, kdebase-4.4.3-2.fc12.1, kdebase-runtime-4.4.3-1.fc12.1, kdebase-workspace-4.4.3-1.fc12.1, kdebindings-4.4.3-1.fc12.1, kdeedu-4.4.3-1.fc12.1, kdegames-4.4.3-1.fc12.1, kdegraphics-4.4.3-1.fc12.1, kdelibs-4.4.3-2.fc12, kdemultimedia-4.4.3-1.fc12.1, kdenetwork-4.4.3-3.fc12, kdepim-4.4.3-1.fc12.1, kdepim-runtime-4.4.3-1.fc12.1, kdepimlibs-4.4.3-1.fc12.1, kdeplasma-addons-4.4.3-1.fc12.1, kdesdk-4.4.3-1.fc12.1, kdetoys-4.4.3-1.fc12.1, kdeutils-4.4.3-1.fc12.1, oxygen-icon-theme-4.4.3-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

kde-l10n-4.4.3-1.fc13, kdeaccessibility-4.4.3-1.fc13.1, kdeadmin-4.4.3-1.fc13.1, kdeartwork-4.4.3-1.fc13.1, kdebase-4.4.3-2.fc13.1, kdebase-runtime-4.4.3-1.fc13.1, kdebase-workspace-4.4.3-1.fc13.1, kdebindings-4.4.3-1.fc13.1, kdeedu-4.4.3-1.fc13.1, kdegames-4.4.3-1.fc13.1, kdegraphics-4.4.3-1.fc13.1, kdelibs-4.4.3-2.fc13, kdemultimedia-4.4.3-1.fc13.1, kdenetwork-4.4.3-3.fc13, kdepim-4.4.3-1.fc13.1, kdepim-runtime-4.4.3-1.fc13.1, kdepimlibs-4.4.3-1.fc13.1, kdeplasma-addons-4.4.3-1.fc13.1, kdesdk-4.4.3-1.fc13.1, kdetoys-4.4.3-1.fc13.1, kdeutils-4.4.3-1.fc13.1, oxygen-icon-theme-4.4.3-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

kde-l10n-4.4.3-1.fc11, kdeaccessibility-4.4.3-1.fc11.1, kdeadmin-4.4.3-1.fc11.1, kdeartwork-4.4.3-1.fc11.1, kdebase-4.4.3-2.fc11.1, kdebase-runtime-4.4.3-1.fc11.1, kdebase-workspace-4.4.3-1.fc11.1, kdebindings-4.4.3-1.fc11.1, kdeedu-4.4.3-1.fc11.1, kdegames-4.4.3-1.fc11.1, kdegraphics-4.4.3-1.fc11.1, kdelibs-4.4.3-2.fc11, kdemultimedia-4.4.3-1.fc11.1, kdenetwork-4.4.3-3.fc11, kdepim-4.4.3-1.fc11.1, kdepim-runtime-4.4.3-1.fc11.1, kdepimlibs-4.4.3-1.fc11.1, kdeplasma-addons-4.4.3-1.fc11.1, kdesdk-4.4.3-1.fc11.1, kdetoys-4.4.3-1.fc11.1, kdeutils-4.4.3-1.fc11.1, oxygen-icon-theme-4.4.3-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
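As an added, defender-side example (not code from KGet, the advisory, or this bug), the following Python sketch shows the two checks the quoted advisory implies: confining each metalink `name` attribute to the download directory before anything is written (the CVE-2010-1000 traversal) and creating the output file with O_EXCL so an existing file is never silently replaced (the CVE-2010-1511 overwrite). The sample metalink document, the Metalink 3.0 namespace and all function names are assumptions made for illustration; KGet's real implementation is C++.

```python
import os
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample metalink (not taken from the advisory): two ordinary
# entries and two names that try to leave the download directory.
SAMPLE_METALINK = b"""<?xml version="1.0" encoding="UTF-8"?>
<metalink version="3.0" xmlns="http://www.metalinker.org/">
  <files>
    <file name="kdenetwork-4.4.3.tar.bz2"/>
    <file name="docs/README"/>
    <file name="../../.bashrc"/>
    <file name="/etc/passwd"/>
  </files>
</metalink>"""
NS = {"m": "http://www.metalinker.org/"}   # Metalink 3.0 namespace (assumed)

def confine(download_dir, name):
    """Map a metalink 'name' attribute to a path inside download_dir.
    Returns None for an empty or absolute name, or one that escapes via
    '..' (the CVE-2010-1000 traversal), so the caller skips that entry."""
    if not name or name.startswith("/") or "\\" in name:
        return None
    norm = posixpath.normpath(name)             # collapses "a/./b", "a/../b"
    if norm == "." or ".." in norm.split("/"):  # only a leading ".." survives
        return None
    root = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(root, norm))
    # Belt and braces: the resolved path must still sit under the root.
    return target if os.path.commonpath([root, target]) == root else None

def plan_downloads(metalink_xml, download_dir):
    """Return (accepted, rejected): accepted maps each name to its path."""
    accepted, rejected = {}, []
    for el in ET.fromstring(metalink_xml).iterfind(".//m:file", NS):
        name = el.get("name", "")
        target = confine(download_dir, name)
        if target is None:
            rejected.append(name)
        else:
            accepted[name] = target
    return accepted, rejected

def create_target(target):
    """Create the output file without clobbering: O_EXCL raises
    FileExistsError if it already exists, unlike the CVE-2010-1511 behaviour
    where an unprompted download replaced a same-named file. Ask the user."""
    os.makedirs(os.path.dirname(target), exist_ok=True)
    return os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
```

A download manager would call `plan_downloads` once per metalink, present only the accepted names to the user, and call `create_target` only after an explicit choice, treating `FileExistsError` as "ask before overwriting" rather than retrying.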