Executive Summary
Summary | |
---|---|
Title | New qt-x11-free packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1426 | First vendor Publication | 2007-12-08 |
Vendor | Debian | Last vendor Modification | 2007-12-08 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several local/remote vulnerabilities have been discovered in the Qt GUI Library. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3388: Tim Brown and Dirk Müller discovered several format string vulnerabilities in the handling of error messages, which might lead to the execution of arbitrary code.

CVE-2007-4137: Dirk Müller discovered an off-by-one buffer overflow in the Unicode handling, which might lead to the execution of arbitrary code.

For the old stable distribution (sarge), these problems have been fixed in version 3:3.3.4-3sarge3. Packages for m68k will be provided later.

For the stable distribution (etch), these problems have been fixed in version 3:3.3.7-4etch1.

For the unstable distribution (sid), these problems have been fixed in version 3:3.3.7-8.

We recommend that you upgrade your qt-x11-free packages.
Original Source
Url : http://www.debian.org/security/2007/dsa-1426 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11159 | |||
Oval ID: | oval:org.mitre.oval:def:11159 | ||
Title: | Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | ||
Description: | Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-4137 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:17295 | |||
Oval ID: | oval:org.mitre.oval:def:17295 | ||
Title: | USN-513-1 -- qt-x11-free vulnerability | ||
Description: | Dirk Mueller discovered that UTF8 strings could be made to cause a small buffer overflow. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-513-1 CVE-2007-4137 | Version: | 5 |
Platform(s): | Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 | Product(s): | qt-x11-free |
Definition Id: oval:org.mitre.oval:def:20432 | |||
Oval ID: | oval:org.mitre.oval:def:20432 | ||
Title: | DSA-1426-1 qt-x11-free - several vulnerabilities | ||
Description: | Several local/remote vulnerabilities have been discovered in the Qt GUI library. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1426-1 CVE-2007-3388 CVE-2007-4137 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | qt-x11-free |
Definition Id: oval:org.mitre.oval:def:21840 | |||
Oval ID: | oval:org.mitre.oval:def:21840 | ||
Title: | ELSA-2007:0721: qt security update (Moderate) | ||
Description: | Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0721-03 CVE-2007-3388 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | qt |
Definition Id: oval:org.mitre.oval:def:22579 | |||
Oval ID: | oval:org.mitre.oval:def:22579 | ||
Title: | ELSA-2007:0883: qt security update (Important) | ||
Description: | Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2007:0883-02 CVE-2007-0242 CVE-2007-4137 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | qt |
Definition Id: oval:org.mitre.oval:def:9690 | |||
Oval ID: | oval:org.mitre.oval:def:9690 | ||
Title: | Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | ||
Description: | Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2007-3388 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-10-10 | Name : SLES9: Security update for Qt3 File : nvt/sles9p5012275.nasl |
2009-04-09 | Name : Mandriva Update for qt3 MDKSA-2007:151 (qt3) File : nvt/gb_mandriva_MDKSA_2007_151.nasl |
2009-04-09 | Name : Mandriva Update for qt MDKSA-2007:183 (qt) File : nvt/gb_mandriva_MDKSA_2007_183.nasl |
2009-03-23 | Name : Ubuntu Update for qt-x11-free vulnerability USN-495-1 File : nvt/gb_ubuntu_USN_495_1.nasl |
2009-03-23 | Name : Ubuntu Update for qt-x11-free vulnerability USN-513-1 File : nvt/gb_ubuntu_USN_513_1.nasl |
2009-02-27 | Name : Fedora Update for qt FEDORA-2007-2216 File : nvt/gb_fedora_2007_2216_qt_fc7.nasl |
2009-02-27 | Name : Fedora Update for qt FEDORA-2007-703 File : nvt/gb_fedora_2007_703_qt_fc6.nasl |
2009-01-28 | Name : SuSE Update for qt3 SUSE-SA:2007:048 File : nvt/gb_suse_2007_048.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200708-16 (qt) File : nvt/glsa_200708_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200710-28 (qt) File : nvt/glsa_200710_28.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200712-08 (emul-linux-x86-qtlibs) File : nvt/glsa_200712_08.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1426-1 (qt-x11-free) File : nvt/deb_1426_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2007-222-03 qt File : nvt/esoft_slk_ssa_2007_222_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
39385 | QT QTextEdit Error Message Handling Remote Format String: A format string flaw exists in Qt. The library fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a context-dependent attacker can crash the service or possibly execute arbitrary code. It was possible to trigger the vulnerability from the URL bar of versions of KDE's Konqueror web browser that were linked against the vulnerable library. |
39384 | Qt QUtf8Decoder::toUnicode Function Off-By-One |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0883.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0721.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070913_qt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070731_qt_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11795.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0721.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_qt3-4420.nasl - Type : ACT_GATHER_INFO |
2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_qt3-3898.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1426.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-513-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-495-1.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-2216.nasl - Type : ACT_GATHER_INFO |
2007-10-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200710-28.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_qt3-3899.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_qt3-4421.nasl - Type : ACT_GATHER_INFO |
2007-09-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-703.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0883.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0883.nasl - Type : ACT_GATHER_INFO |
2007-09-14 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-183.nasl - Type : ACT_GATHER_INFO |
2007-08-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200708-16.nasl - Type : ACT_GATHER_INFO |
2007-08-13 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2007-222-03.nasl - Type : ACT_GATHER_INFO |
2007-08-02 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-151.nasl - Type : ACT_GATHER_INFO |
2007-08-01 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0721.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:27:05 |