PT-2016-6805 · Kde+2 · Archive+2

Andreas Cord-Landwehr

Publicado

2016-07-18

Atualizado

2019-08-16

CVE-2016-6232

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions KArchive versions prior to 5.24

Description A directory traversal issue allows remote attackers to write to arbitrary files via a ../ (dot dot slash) in a filename in an archive file. This is related to KNewsstuff downloads.

Recommendations For versions prior to 5.24, update to version 5.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of archive files from untrusted sources until the update is applied.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

CVE-2016-6232

DLA-570-1

DSA-3643-1

OPENSUSE-SU-2016:1884-1

OPENSUSE-SU-2016:2223-1

OPENSUSE-SU-2016_1884-1

USN-3042-1

USN-4100-1

PT-2016-6805 · Kde+2 · Archive+2

CVE-2016-6232

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31