Executive Summary
Summary | |
---|---|
Title | Konqueror: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201406-31 | First vendor Publication | 2014-06-27 |
Vendor | Gentoo | Last vendor Modification | 2014-06-27 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities have been found in Konqueror, the worst of which may allow execution of arbitrary code. Background Description Impact Workaround Resolution NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 11, 2012. It is likely that your system is already no longer affected by this issue. References Availability http://security.gentoo.org/glsa/glsa-201406-31.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201406-31.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:21385 | |||
Oval ID: | oval:org.mitre.oval:def:21385 | ||
Title: | RHSA-2012:1418: kdelibs security update (Critical) | ||
Description: | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1418-00 CESA-2012:1418 CVE-2012-4512 CVE-2012-4513 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | kdelibs |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23067 | |||
Oval ID: | oval:org.mitre.oval:def:23067 | ||
Title: | ELSA-2012:1418: kdelibs security update (Critical) | ||
Description: | khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:1418-00 CVE-2012-4512 CVE-2012-4513 | Version: | 13 |
Platform(s): | Oracle Linux 6 | Product(s): | kdelibs |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:25329 | |||
Oval ID: | oval:org.mitre.oval:def:25329 | ||
Title: | SUSE-SU-2013:1559-1 -- Security update for kdelibs4 | ||
Description: | This kdelibs4 update fixes several security issues related to khtml/konqueror. * Fix security issues and null pointer references in khtml/konqueror (bnc#787520) (CVE-2012-4512, CVE-2012-4513, CVE-2012-4515) | ||
Family: | unix | Class: | patch |
Reference(s): | SUSE-SU-2013:1559-1 CVE-2012-4512 CVE-2012-4513 CVE-2012-4515 | Version: | 3 |
Platform(s): | SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Desktop 11 | Product(s): | kdelibs4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27156 | |||
Oval ID: | oval:org.mitre.oval:def:27156 | ||
Title: | RHSA-2012:1416 -- kdelibs security update (Critical) | ||
Description: | The kdelibs packages provide libraries for the K Desktop Environment (KDE). Konqueror is a web browser. A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs (such as Konqueror) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4512) A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory. (CVE-2012-4513) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:1416 CESA-2012:1416 CVE-2012-4512 CVE-2012-4513 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | kdelibs |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:27310 | |||
Oval ID: | oval:org.mitre.oval:def:27310 | ||
Title: | ELSA-2012-1416 -- kdelibs security update (critical) | ||
Description: | [6:4.3.4-14.2] - fix multilib conflict [6:4.3.4-14.1] - Resolves: bz#866228, CVE-2012-4512 CVE-2012-4513 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-1416 CVE-2012-4512 CVE-2012-4513 | Version: | 3 |
Platform(s): | Oracle Linux 6 | Product(s): | kdelibs |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-11-01 | Konqueror 4.7.3 Memory Corruption |
OpenVAS Exploits
Date | Description |
---|---|
2012-11-19 | Name : Fedora Update for kdelibs FEDORA-2012-17385 File : nvt/gb_fedora_2012_17385_kdelibs_fc17.nasl |
2012-11-19 | Name : Fedora Update for kdelibs FEDORA-2012-17388 File : nvt/gb_fedora_2012_17388_kdelibs_fc16.nasl |
2012-11-02 | Name : CentOS Update for kdelibs CESA-2012:1416 centos6 File : nvt/gb_CESA-2012_1416_kdelibs_centos6.nasl |
2012-11-02 | Name : CentOS Update for kdelibs CESA-2012:1418 centos6 File : nvt/gb_CESA-2012_1418_kdelibs_centos6.nasl |
2012-11-02 | Name : RedHat Update for kdelibs RHSA-2012:1416-01 File : nvt/gb_RHSA-2012_1416-01_kdelibs.nasl |
2012-11-02 | Name : RedHat Update for kdelibs RHSA-2012:1418-01 File : nvt/gb_RHSA-2012_1418-01_kdelibs.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-31.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-815.nasl - Type : ACT_GATHER_INFO |
2013-10-25 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs4-130930.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1416.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-1418.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1416.nasl - Type : ACT_GATHER_INFO |
2012-11-19 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17385.nasl - Type : ACT_GATHER_INFO |
2012-11-19 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17388.nasl - Type : ACT_GATHER_INFO |
2012-11-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-17234.nasl - Type : ACT_GATHER_INFO |
2012-10-31 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-1418.nasl - Type : ACT_GATHER_INFO |
2012-10-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1416.nasl - Type : ACT_GATHER_INFO |
2012-10-31 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1418.nasl - Type : ACT_GATHER_INFO |
2012-10-31 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20121030_kdelibs_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-06-29 13:26:52 |
|
2014-06-27 17:22:24 |
|