Test ID:	1.3.6.1.4.1.25623.1.0.69462
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:081 (kdenetwork4)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to kdenetwork4 announced via advisory MDVSA-2011:081. A vulnerability has been found and corrected in kdenetwork4: Directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function in ui/metalinkcreator/metalinker.cpp in KGet in KDE SC 4.6.2 and earlier allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-1000 (CVE-2011-1586). Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2009.0, 2010.0, 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:081 Risk factor : High CVSS Score: 5.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1000 BugTraq ID: 40141 http://www.securityfocus.com/bid/40141 Bugtraq: 20100513 Secunia Research: KDE KGet metalink "name" Directory Traversal Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511281/100/0/threaded Bugtraq: 20100514 Re: Secunia Research: KDE KGet Insecure File Operation Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511294/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051692.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058580.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:098 http://secunia.com/secunia_research/2010-69/ http://marc.info/?l=oss-security&m=127378789518426&w=2 http://osvdb.org/64690 http://securitytracker.com/id?1023984 http://secunia.com/advisories/39528 http://secunia.com/advisories/39787 http://secunia.com/advisories/42423 SuSE Security Announcement: SUSE-SR:2010:024 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html http://www.ubuntu.com/usn/USN-938-1 http://www.vupen.com/english/advisories/2010/1142 http://www.vupen.com/english/advisories/2010/1144 http://www.vupen.com/english/advisories/2010/3096 http://www.vupen.com/english/advisories/2011/1101 XForce ISS Database: kde-name-directory-traversal(58628) https://exchange.xforce.ibmcloud.com/vulnerabilities/58628 Common Vulnerability Exposure (CVE) ID: CVE-2011-1586 44124 http://secunia.com/advisories/44124 44329 http://secunia.com/advisories/44329 ADV-2011-1019 http://www.vupen.com/english/advisories/2011/1019 ADV-2011-1021 http://www.vupen.com/english/advisories/2011/1021 ADV-2011-1135 http://www.vupen.com/english/advisories/2011/1135 MDVSA-2011:081 http://www.mandriva.com/security/advisories?name=MDVSA-2011:081 RHSA-2011:0465 http://www.redhat.com/support/errata/RHSA-2011-0465.html USN-1114-1 http://www.ubuntu.com/usn/usn-1114-1/ [oss-security] 20110415 Re: CVE Request: incomplete fix for CVE-2010-1000 in KDE network http://openwall.com/lists/oss-security/2011/04/15/9 http://websvn.kde.org/branches/KDE/4.4/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227468&r2=1227467&pathrev=1227468 http://websvn.kde.org/branches/KDE/4.5/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227469&r2=1227468&pathrev=1227469 http://websvn.kde.org/branches/KDE/4.6/kdenetwork/kget/ui/metalinkcreator/metalinker.cpp?r1=1227471&r2=1227470&pathrev=1227471 https://bugzilla.redhat.com/show_bug.cgi?id=697042 https://launchpad.net/bugs/757526 kget-name-directory-traversal(66826) https://exchange.xforce.ibmcloud.com/vulnerabilities/66826
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.