
Test ID: 1.3.6.1.4.1.25623.1.0.870602
Category: Red Hat Local Security Checks
Title: RedHat Update for kdenetwork RHSA-2011:0465-01
Summary: The remote host is missing an update for the 'kdenetwork' package(s) announced via the referenced advisory.
Description: Summary:
The remote host is missing an update for the 'kdenetwork'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE).

A directory traversal flaw was found in the way KGet, a download manager,
handled the 'file' element in Metalink files. An attacker could use this
flaw to create a specially-crafted Metalink file that, when opened, would
cause KGet to overwrite arbitrary files accessible to the user running
KGet. (CVE-2011-1586)

Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch to resolve this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

Affected Software/OS:
kdenetwork on Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-1586
44124
http://secunia.com/advisories/44124
44329
http://secunia.com/advisories/44329
ADV-2011-1019
http://www.vupen.com/english/advisories/2011/1019
ADV-2011-1021
http://www.vupen.com/english/advisories/2011/1021
ADV-2011-1135
http://www.vupen.com/english/advisories/2011/1135
MDVSA-2011:081
http://www.mandriva.com/security/advisories?name=MDVSA-2011:081
RHSA-2011:0465
http://www.redhat.com/support/errata/RHSA-2011-0465.html
USN-1114-1
http://www.ubuntu.com/usn/usn-1114-1/
[oss-security] 20110415 Re: CVE Request: incomplete fix for CVE-2010-1000 in KDE network
http://openwall.com/lists/oss-security/2011/04/15/9
http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468
http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469
http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471
https://bugzilla.redhat.com/show_bug.cgi?id=697042
https://launchpad.net/bugs/757526
kget-name-directory-traversal(66826)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66826
Common Vulnerability Exposure (CVE) ID: CVE-2010-1000
BugTraq ID: 40141
http://www.securityfocus.com/bid/40141
Bugtraq: 20100513 Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability
http://www.securityfocus.com/archive/1/511281/100/0/threaded
Bugtraq: 20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability
http://www.securityfocus.com/archive/1/511294/100/0/threaded
http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:098
http://secunia.com/secunia_research/2010-69/
http://marc.info/?l=oss-security&m=127378789518426&w=2
http://osvdb.org/64690
http://securitytracker.com/id?1023984
http://secunia.com/advisories/39528
http://secunia.com/advisories/39787
http://secunia.com/advisories/42423
SuSE Security Announcement: SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://www.ubuntu.com/usn/USN-938-1
http://www.vupen.com/english/advisories/2010/1142
http://www.vupen.com/english/advisories/2010/1144
http://www.vupen.com/english/advisories/2010/3096
http://www.vupen.com/english/advisories/2011/1101
XForce ISS Database: kde-name-directory-traversal(58628)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58628
Copyright: Copyright (C) 2012 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.