This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities has been discovered and fixed in kget
Directory traversal vulnerability in KGet in KDE SC 4.0.0 through
4.4.3 allows remote attackers to create arbitrary files via directory
traversal sequences in the name attribute of a file element in a
metalink file (CVE-2010-1000).
KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request
download confirmation from the user, which makes it easier for remote
attackers to overwrite arbitrary files via a crafted metalink file
Packages for 2009.0 are provided due to the Extended Maintenance
The corrected packages solves these problems.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 6.4
CVSS Temporal Score : 5.6
Public Exploit Available : true