Bug 592012 - (CVE-2010-1512) CVE-2010-1512 aria2: improper sanitization of metalink attribute for downloading files
CVE-2010-1512 aria2: improper sanitization of metalink attribute for download...
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20100513,reported=20100513,sou...
: Security
Depends On: 592014
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-13 13:11 EDT by Vincent Danen
Modified: 2012-07-17 12:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-11-27 03:45:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vincent Danen 2010-05-13 13:11:53 EDT
Secunia Research reported [1] a flaw in aria2.  From their advisory:

Secunia Research has discovered a vulnerability in aria2, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to the application not properly
sanitising the "name" attribute of the "file" element of metalink
files before using it to download files. If a user is tricked into
downloading from a specially crafted metalink file, this can be
exploited to download files to directories outside of the intended
download directory via directory traversal attacks.

Version 1.9.3 is indicated as being fixed, via changeset 2097 [2].

This issue has been given the name CVE-2010-1512.

[1] http://secunia.com/secunia_research/2010-71/
[2] http://sourceforge.net/apps/trac/aria2/changeset/2097
Comment 1 Vincent Danen 2010-05-13 13:12:45 EDT
Created aria2 tracking bugs for this issue

Affects: fedora-all [bug 592014]
Comment 2 Fedora Update System 2010-05-20 19:52:51 EDT
aria2-1.9.3-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/aria2-1.9.3-1.fc13
Comment 3 Fedora Update System 2010-05-20 19:53:45 EDT
aria2-1.9.3-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/aria2-1.9.3-1.fc12
Comment 4 Fedora Update System 2010-05-20 19:54:03 EDT
aria2-1.9.3-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/aria2-1.9.3-1.fc11
Comment 5 Fedora Update System 2010-05-21 21:52:16 EDT
aria2-1.9.3-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2010-05-21 21:52:27 EDT
aria2-1.9.3-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2010-05-21 21:53:17 EDT
aria2-1.9.3-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.