Directory traversal vulnerability in KGet in KDE SC 4.0.0 through 4.4.3 allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file.
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: PARTIAL
KDE Software Compilation (SC) 4.4.0 release candidate 1
KDE Software Compilation (SC) 4.4.0 beta2
KDE Software Compilation (SC) 4.4.0 beta1
KDE Software Compilation (SC) 4.4.0
KDE Software Compilation (SC) 4.3.5
KDE Software Compilation (SC) 4.3.4
KDE Software Compilation (SC) 4.3.3
KDE Software Compilation (SC) 4.3.2
KDE Software Compilation (SC) 4.3.1
KDE Software Compilation (SC) 4.3.0 release candidate 3
KDE Software Compilation (SC) 4.3.0 release candidate 2
KDE Software Compilation (SC) 4.3.0 release candidate 1
KDE Software Compilation (SC) 4.3.0 beta3
KDE Software Compilation (SC) 4.3.0 beta1
KDE Software Compilation (SC) 4.3.0
KDE Software Compilation (SC) 4.2.4
KDE Software Compilation (SC) 4.2.3
KDE Software Compilation (SC) 4.2.2
KDE Software Compilation (SC) 4.2.1
KDE Software Compilation (SC) 4.2.0
KDE Software Compilation (SC) 4.2 release candidate
KDE Software Compilation (SC) 4.2 beta2
KDE Software Compilation (SC) 4.1.96
KDE Software Compilation (SC) 4.1.85
KDE Software Compilation (SC) 4.1.80
KDE Software Compilation (SC) 4.1.4
KDE Software Compilation (SC) 4.1.3
KDE Software Compilation (SC) 4.1.2
KDE Software Compilation (SC) 4.1.1
KDE Software Compilation (SC) 4.1.0 release candidate
KDE Software Compilation (SC) 4.1.0 beta2
KDE Software Compilation (SC) 4.1.0 beta1
KDE Software Compilation (SC) 4.1.0 alpha1
KDE Software Compilation (SC) 4.1.0
KDE Software Compilation (SC) 4.0.5
KDE Software Compilation (SC) 4.0.4
KDE Software Compilation (SC) 4.0.3
KDE Software Compilation (SC) 4.0.2
KDE Software Compilation (SC) 4.0.1
KDE Software Compilation (SC) 4.0.0 release candidate 2
KDE Software Compilation (SC) 4.0.0 release candidate 1
KDE Software Compilation (SC) 4.0.0 beta4
KDE Software Compilation (SC) 4.0.0 beta3
KDE Software Compilation (SC) 4.0.0 beta2
KDE Software Compilation (SC) 4.0.0 beta1
KDE Software Compilation (SC) 4.0.0 alpha2
KDE Software Compilation (SC) 4.0.0 alpha1
KDE Software Compilation (SC) 4.0.0
KDE Software Compilation (SC) 4.4.0 release candidate 2
KDE Software Compilation (SC) 4.4.0 release candidate 3
KDE Software Compilation (SC) 4.4.1
KDE Software Compilation (SC) 4.4.2
KDE Software Compilation (SC) 4.4.3
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)
Related CAPEC 7
Relative Path Traversal (CAPEC-ID 139)
Directory Traversal (CAPEC-ID 213)
File System Function Injection, Content Based (CAPEC-ID 23)
Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64)
Manipulating Input to File System Calls (CAPEC-ID 76)
Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78)
Using Slashes in Alternate Encoding (CAPEC-ID 79)