RHSA-2009:1601

Executive Summary

Summary
Title	kdelibs security update

Informations
Name	RHSA-2009:1601	First vendor Publication	2009-11-24
Vendor	RedHat	Last vendor Modification	2009-11-24
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score	6.8	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated kdelibs packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Description:

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of
the user running Konqueror. (CVE-2009-0689)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The desktop must be restarted (log out, then
log back in) for this update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

539784 - CVE-2009-0689 kdelibs remote array overrun

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1601.html

CAPEC : Common Attack Pattern Enumeration & Classification

id	Name
CAPEC-8	Buffer Overflow in an API Call
CAPEC-9	Buffer Overflow in Local Command-Line Utilities
CAPEC-10	Buffer Overflow via Environment Variables
CAPEC-14	Client-side Injection-induced Buffer Overflow
CAPEC-24	Filter Failure through Buffer Overflow
CAPEC-42	MIME Conversion
CAPEC-44	Overflow Binary Resource File
CAPEC-45	Buffer Overflow via Symbolic Links
CAPEC-46	Overflow Variables and Tags
CAPEC-47	Buffer Overflow via Parameter Expansion
CAPEC-100	Overflow Buffers

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9541

Oval ID:	oval:org.mitre.oval:def:9541
Title:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Description:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2009-0689	Version:	5
Platform(s):	Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section thunderbird is earlier than 0:1.5.0.12-25.el4 AND kdelibs is earlier than 6:3.3.1-17.el4_8.1 AND kdelibs-devel is earlier than 6:3.3.1-17.el4_8.1 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section kdelibs-apidocs is earlier than 6:3.5.4-25.el5_4.1 AND thunderbird is earlier than 0:2.0.0.24-2.el5_4 AND kdelibs is earlier than 6:3.5.4-25.el5_4.1 AND kdelibs-devel is earlier than 6:3.5.4-25.el5_4.1

Definition Id: oval:org.mitre.oval:def:6528

Oval ID:	oval:org.mitre.oval:def:6528
Title:	Mozilla Firefox Floating Point Memory Allocation Vulnerability
Description:	Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-0689	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Mozilla Firefox
Definition Synopsis:
Mozilla Firefox is installed AND Mozilla Firefox version 3.0.x to 3.0.14 and 3.5.x to 3.5.3

CPE : Common Platform Enumeration

Type	Description	Count
Application	K-Meleon Project K-Meleon cpe:/a:k-meleon_project:k-meleon:1.5.3	1
Application	Mozilla Firefox cpe:/a:mozilla:firefox:3.5.3 cpe:/a:mozilla:firefox:3.5.2 cpe:/a:mozilla:firefox:3.5.1 cpe:/a:mozilla:firefox:3.5 cpe:/a:mozilla:firefox:3.0.9 cpe:/a:mozilla:firefox:3.0.8 cpe:/a:mozilla:firefox:3.0.7 cpe:/a:mozilla:firefox:3.0.6 cpe:/a:mozilla:firefox:3.0.5 cpe:/a:mozilla:firefox:3.0.4 cpe:/a:mozilla:firefox:3.0.3 cpe:/a:mozilla:firefox:3.0.2 cpe:/a:mozilla:firefox:3.0.14 cpe:/a:mozilla:firefox:3.0.13 cpe:/a:mozilla:firefox:3.0.12 cpe:/a:mozilla:firefox:3.0.11 cpe:/a:mozilla:firefox:3.0.10 cpe:/a:mozilla:firefox:3.0.1	18
Application	Mozilla Seamonkey cpe:/a:mozilla:seamonkey:1.1.8	1
Os	Freebsd Freebsd cpe:/o:freebsd:freebsd:7.2:stable cpe:/o:freebsd:freebsd:7.2 cpe:/o:freebsd:freebsd:7.2:pre-release cpe:/o:freebsd:freebsd:6.4:stable cpe:/o:freebsd:freebsd:6.4:release cpe:/o:freebsd:freebsd:6.4:release_p4 cpe:/o:freebsd:freebsd:6.4:release_p5 cpe:/o:freebsd:freebsd:6.4 cpe:/o:freebsd:freebsd:6.4:release_p3 cpe:/o:freebsd:freebsd:6.4:release_p2	10
Os	Netbsd Netbsd cpe:/o:netbsd:netbsd:5.0	1
Os	Openbsd Openbsd cpe:/o:openbsd:openbsd:4.5	1

ExploitDB Exploits

id	Description
2009-12-11	Sunbird 0.9 Array Overrun (code execution) 0day
2009-11-19	Opera 10.01 Remote Array Overrun
2009-11-19	K-Meleon 1.5.3 Remote Array Overrun
2009-11-19	SeaMonkey 1.1.8 Remote Array Overrun
2009-11-19	KDE KDELibs 4.3.3 Remote Array Overrun

Open Source Vulnerability Database (OSVDB)

id	Description
63646	J Programming Language libc dtoa Implementation Floating Point Parsing Memory...
63641	Matlab libc dtoa Implementation Floating Point Parsing Memory Corruption
63639	Apple Mac OS X libc dtoa Implementation Floating Point Parsing Memory Corruption
62402	K-Meleon libc dtoa Implementation Floating Point Parsing Memory Corruption
61189	Mozilla Sunbird libc dtoa Implementation Floating Point Parsing Memory Corrup...
61188	Flock Browser libc dtoa Implementation Floating Point Parsing Memory Corruption
61187	KDE kdelibs libc dtoa Implementation Floating Point Parsing Memory Corruption
61186	Opera libc dtoa Implementation Floating Point Parsing Memory Corruption
61091	Mozilla Multiple Products libc dtoa Implementation Floating Point Parsing Mem...
55603	libc gdtoa/misc.c dtoa() Implementation printf Function Array Overflow

Type	Count
Capec ID(s)	11
CWE ID(s)	1
Oval ID(s)	2
CPE ID(s)	32
osvdb(s)	10
ExploitDB Exploit(s)	5

Related	Severity
CVE-2009-0689	(Medium)

Same Subject	Severity
Login to view 12 more Alert(s)

RHSA-2009:1601

Executive Summary

Security-Database Scoring CVSS v2

Detail

Original Source

CAPEC : Common Attack Pattern Enumeration & Classification

CWE : Common Weakness Enumeration

OVAL Definitions

CPE : Common Platform Enumeration

ExploitDB Exploits

Open Source Vulnerability Database (OSVDB)

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU