now would be a good time to check any other apps :) The vulnerability is caused due to the application not properly sanitising the "name" attribute of the "file" element of metalink files before using it to download files. If a user is tricked into downloading from a specially crafted metalink file, this can be exploited to download files to directories outside of the intended download directory via directory traversal attacks.
An attacker can exploit this issue by crafting a malicious metalink file using widely available tools and utilities. aria2 metalink "name" Directory Traversal Vulnerability http://secunia.com/advisories/39529 Free Download Manager metalink "name" Directory Traversal http://secunia.com/secunia_research/2010-67/ KDE KGet Insecure File Operation and Directory Traversal http://secunia.com/advisories/39528/ -- (( Anthony Bryan ... Metalink [ http://www.metalinker.org ] )) Easier, More Reliable, Self Healing Downloads -- You received this message because you are subscribed to the Google Groups "Metalink Discussion" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/metalink-discussion?hl=en.
