CVE-2011-1586

Name of the Vulnerable Software and Affected Versions KDE SC versions 4.6.2 and earlier kdenetwork versions 4.3.4 kdenetwork-devel versions 4.3.4 kdenetwork-debuginfo versions 4.3.4 kdenetwork-libs versions 4.3.4

Description The issue is related to a directory traversal vulnerability in the KGetMetalink::File::isValidNameAttr function, which can be exploited remotely. This vulnerability allows remote attackers to create arbitrary files via a .. (dot dot) in the name attribute of a file element in a metalink file. The vulnerability exists due to an incomplete fix for a previous issue. Exploitation of this vulnerability can lead to a violation of the integrity and availability of protected information.

Recommendations For KDE SC versions 4.6.2 and earlier, consider updating to a newer version to resolve the issue. For kdenetwork versions 4.3.4, kdenetwork-devel versions 4.3.4, kdenetwork-debuginfo versions 4.3.4, and kdenetwork-libs versions 4.3.4, at the moment, there is no information about a newer version that contains a fix for this vulnerability.