Executive Summary
Summary | |
---|---|
Title | New webkit packages fix several vulnerabilities |
Information | |||
---|---|---|---|
Name | DSA-1950 | First vendor Publication | 2009-12-12 |
Vendor | Debian | Last vendor Modification | 2009-12-12 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2009-0945: Array index error in the insertItemBefore method in WebKit allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption.
- CVE-2009-1687: The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
- CVE-2009-1690: Use-after-free vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
- CVE-2009-1698: WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
- CVE-2009-1711: WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
- CVE-2009-1712: WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
- CVE-2009-1725: WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
- CVE-2009-1714: Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.
- CVE-2009-1710: WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.
- CVE-2009-1697: CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header.
- CVE-2009-1695: Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.
- CVE-2009-1693: WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue."
- CVE-2009-1694: WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue."
- CVE-2009-1681: WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document.
- CVE-2009-1684: Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
- CVE-2009-1692: WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

For the stable distribution (lenny), these problems have been fixed in version 1.0.1-4+lenny2. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.1.16-1. We recommend that you upgrade your webkit package.
Original Source
Url : http://www.debian.org/security/2009/dsa-1950 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
25 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
25 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
8 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10260 | |||
Oval ID: | oval:org.mitre.oval:def:10260 | ||
Title: | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | ||
Description: | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1687 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11009 | |||
Oval ID: | oval:org.mitre.oval:def:11009 | ||
Title: | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | ||
Description: | Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1690 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11584 | |||
Oval ID: | oval:org.mitre.oval:def:11584 | ||
Title: | Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | ||
Description: | Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0945 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13113 | |||
Oval ID: | oval:org.mitre.oval:def:13113 | ||
Title: | USN-836-1 -- webkit vulnerabilities | ||
Description: | It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-836-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1725 CVE-2009-1712 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 9.04 | Product(s): | webkit |
Definition Id: oval:org.mitre.oval:def:13176 | |||
Oval ID: | oval:org.mitre.oval:def:13176 | ||
Title: | DSA-1868-1 kde4libs -- several vulnerabilities | ||
Description: | Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:4.1.0-3+lenny1. The oldstable distribution does not contain kde4libs. For the testing distribution, these problems will be fixed soon. For the unstable distribution, these problems have been fixed in version 4:4.3.0-1. We recommend that you upgrade your kde4libs packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1868-1 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kde4libs |
Definition Id: oval:org.mitre.oval:def:13290 | |||
Oval ID: | oval:org.mitre.oval:def:13290 | ||
Title: | DSA-1867-1 kdelibs -- several vulnerabilities | ||
Description: | Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution, these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2. For the oldstable distribution, these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch2. For the testing distribution and the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your kdelibs packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1867-1 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:13862 | |||
Oval ID: | oval:org.mitre.oval:def:13862 | ||
Title: | USN-822-1 -- kde4libs, kdelibs vulnerabilities | ||
Description: | It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program | ||
Family: | unix | Class: | patch |
Reference(s): | USN-822-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 Ubuntu 9.04 | Product(s): | kde4libs kdelibs |
Definition Id: oval:org.mitre.oval:def:18395 | |||
Oval ID: | oval:org.mitre.oval:def:18395 | ||
Title: | DSA-1950-1 webkit - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1950-1 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | webkit |
Definition Id: oval:org.mitre.oval:def:22057 | |||
Oval ID: | oval:org.mitre.oval:def:22057 | ||
Title: | ELSA-2009:1127: kdelibs security update (Critical) | ||
Description: | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1127-01 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 | Version: | 17 |
Platform(s): | Oracle Linux 5 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:29301 | |||
Oval ID: | oval:org.mitre.oval:def:29301 | ||
Title: | RHSA-2009:1127 -- kdelibs security update (Critical) | ||
Description: | Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:1127 CESA-2009:1127-CentOS 5 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 4 CentOS Linux 5 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:5777 | |||
Oval ID: | oval:org.mitre.oval:def:5777 | ||
Title: | Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability. | ||
Description: | WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-1725 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Apple Safari |
Definition Id: oval:org.mitre.oval:def:7247 | |||
Oval ID: | oval:org.mitre.oval:def:7247 | ||
Title: | DSA-1950 webkit -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems: Array index error in the insertItemBefore method in WebKit allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document that triggers write access to an "offset of a NULL pointer." Use-after-free vulnerability in WebKit allows remote attackers to execute arbitrary code or cause a denial of service by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers." WebKit does not initialise a pointer during handling of a Cascading Style Sheets attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit does not properly initialise memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. WebKit does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted HTML document. 
Cross-site scripting vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting attacks that depend on communication with arbitrary web sites on the same server through use of XMLHttpRequest without a Host header. Cross-site scripting vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. WebKit allows remote attackers to read images from arbitrary web sites via a CANVAS element with an SVG image, related to a "cross-site image capture issue." WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary web sites via vectors involving a CANVAS element and redirection, related to a "cross-site image capture issue." WebKit does not prevent web sites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct "clickjacking" attacks via a crafted HTML document. Cross-site scripting vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. WebKit allows remote attackers to cause a denial of service via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1950 CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1711 CVE-2009-1712 CVE-2009-1725 CVE-2009-1714 CVE-2009-1710 CVE-2009-1697 CVE-2009-1695 CVE-2009-1693 CVE-2009-1694 CVE-2009-1681 CVE-2009-1684 CVE-2009-1692 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | webkit |
Definition Id: oval:org.mitre.oval:def:7524 | |||
Oval ID: | oval:org.mitre.oval:def:7524 | ||
Title: | DSA-1868 kde4libs -- several vulnerabilities | ||
Description: | Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. The oldstable distribution (etch) does not contain kde4libs. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1868 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | kde4libs |
Definition Id: oval:org.mitre.oval:def:8086 | |||
Oval ID: | oval:org.mitre.oval:def:8086 | ||
Title: | DSA-1867 kdelibs -- several vulnerabilities | ||
Description: | Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1867 CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 | Version: | 3 |
Platform(s): | Debian GNU/Linux 5.0 Debian GNU/Linux 4.0 | Product(s): | kdelibs |
Definition Id: oval:org.mitre.oval:def:9484 | |||
Oval ID: | oval:org.mitre.oval:def:9484 | ||
Title: | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||
Description: | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-1698 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
ExploitDB Exploits
id | Description |
---|---|
2009-07-15 | Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all) |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-19 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Mac OS X) File : nvt/gb_opera_select_dos_vuln_macosx.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1130 centos5 i386 File : nvt/gb_CESA-2009_1130_kdegraphics_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for kdelibs CESA-2009:1128 centos3 i386 File : nvt/gb_CESA-2009_1128_kdelibs_centos3_i386.nasl |
2011-08-09 | Name : CentOS Update for kdelibs CESA-2009:1127 centos5 i386 File : nvt/gb_CESA-2009_1127_kdelibs_centos5_i386.nasl |
2010-05-28 | Name : Fedora Update for kdelibs FEDORA-2010-8547 File : nvt/gb_fedora_2010_8547_kdelibs_fc11.nasl |
2010-05-17 | Name : Fedora Update for qt FEDORA-2010-8379 File : nvt/gb_fedora_2010_8379_qt_fc11.nasl |
2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
2010-04-19 | Name : Fedora Update for kdelibs FEDORA-2010-6077 File : nvt/gb_fedora_2010_6077_kdelibs_fc11.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:028 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_028.nasl |
2010-01-29 | Name : Mandriva Update for kdelibs4 MDVSA-2010:027 (kdelibs4) File : nvt/gb_mandriva_MDVSA_2010_027.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:331 (kdegraphics) File : nvt/mdksa_2009_331.nasl |
2009-12-14 | Name : Mandriva Security Advisory MDVSA-2009:330 (kdelibs) File : nvt/mdksa_2009_330.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-11-17 | Name : Fedora Core 10 FEDORA-2009-11488 (qt) File : nvt/fcore_2009_11488.nasl |
2009-11-17 | Name : Fedora Core 11 FEDORA-2009-11491 (qt) File : nvt/fcore_2009_11491.nasl |
2009-11-11 | Name : Ubuntu USN-857-1 (qt4-x11) File : nvt/ubuntu_857_1.nasl |
2009-09-28 | Name : Ubuntu USN-836-1 (webkit) File : nvt/ubuntu_836_1.nasl |
2009-09-15 | Name : Fedora Core 11 FEDORA-2009-9391 (kdelibs3) File : nvt/fcore_2009_9391.nasl |
2009-09-15 | Name : Fedora Core 10 FEDORA-2009-9400 (kdelibs3) File : nvt/fcore_2009_9400.nasl |
2009-09-09 | Name : Fedora Core 11 FEDORA-2009-9231 (qt) File : nvt/fcore_2009_9231.nasl |
2009-09-09 | Name : Fedora Core 10 FEDORA-2009-9232 (qt) File : nvt/fcore_2009_9232.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1867-1 (kdelibs) File : nvt/deb_1867_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1868-1 (kde4libs) File : nvt/deb_1868_1.nasl |
2009-09-02 | Name : Debian Security Advisory DSA 1866-1 (kdegraphics) File : nvt/deb_1866_1.nasl |
2009-09-02 | Name : Ubuntu USN-822-1 (kdelibs) File : nvt/ubuntu_822_1.nasl |
2009-09-02 | Name : Ubuntu USN-823-1 (kdegraphics) File : nvt/ubuntu_823_1.nasl |
2009-09-02 | Name : Fedora Core 11 FEDORA-2009-8800 (qt) File : nvt/fcore_2009_8800.nasl |
2009-09-02 | Name : Fedora Core 10 FEDORA-2009-8802 (qt) File : nvt/fcore_2009_8802.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-8049 (kdelibs) File : nvt/fcore_2009_8049.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-8046 (kdelibs3) File : nvt/fcore_2009_8046.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-8039 (kdelibs) File : nvt/fcore_2009_8039.nasl |
2009-07-29 | Name : Fedora Core 10 FEDORA-2009-8020 (kdelibs3) File : nvt/fcore_2009_8020.nasl |
2009-07-29 | Name : Fedora Core 11 FEDORA-2009-6166 (webkitgtk) File : nvt/fcore_2009_6166.nasl |
2009-07-29 | Name : Netscape 'select()' Object Denial Of Service Vulnerability (Win) File : nvt/secpod_netscape_select_obj_dos_vuln_win.nasl |
2009-07-29 | Name : Netscape 'select()' Object Denial Of Service Vulnerability (Linux) File : nvt/secpod_netscape_select_obj_dos_vuln_lin.nasl |
2009-07-22 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Linux) File : nvt/gb_opera_select_dos_vuln_lin.nasl |
2009-07-22 | Name : Opera Web Browser Select Object Denial Of Service Vulnerability (Win) File : nvt/gb_opera_select_dos_vuln_win.nasl |
2009-07-22 | Name : Microsoft Internet Explorer Denial Of Service Vulnerability - July09 File : nvt/gb_ms_ie_dos_vuln_jul09.nasl |
2009-07-22 | Name : Mozilla Products 'select()' Denial Of Service Vulnerability (Win) File : nvt/gb_mozilla_prdts_dos_vuln_jul09_win.nasl |
2009-07-22 | Name : Mozilla Products 'select()' Denial Of Service Vulnerability (Linux) File : nvt/gb_mozilla_prdts_dos_vuln_jul09_lin.nasl |
2009-07-12 | Name : Apple Safari DoS or XSS Vulnerability - July09 File : nvt/gb_apple_safari_dos_n_xss_vuln_jul09.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1130 File : nvt/RHSA_2009_1130.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1128 File : nvt/RHSA_2009_1128.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1127 (kdelibs) File : nvt/ovcesa2009_1127.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1128 (kdelibs) File : nvt/ovcesa2009_1128.nasl |
2009-06-30 | Name : CentOS Security Advisory CESA-2009:1130 (kdegraphics) File : nvt/ovcesa2009_1130.nasl |
2009-06-30 | Name : RedHat Security Advisory RHSA-2009:1127 File : nvt/RHSA_2009_1127.nasl |
2009-06-16 | Name : Apple Safari Multiple Vulnerabilities June-09 (Win) - II File : nvt/gb_apple_safari_mult_vuln_jun09_2.nasl |
2009-06-16 | Name : Apple Safari Multiple Vulnerabilities June-09 (Win) - I File : nvt/gb_apple_safari_mult_vuln_jun09_1.nasl |
2009-06-15 | Name : Ubuntu USN-785-1 (ipsec-tools) File : nvt/ubuntu_785_1.nasl |
2009-06-05 | Name : Ubuntu USN-776-2 (kvm) File : nvt/ubuntu_776_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
55739 | Apple Safari WebKit Numeric Character References Handling Memory Corruption |
55418 | KDE Konqueror WebKit JavaScript Garbage Collector Allocation Failure NULL Poi... |
55417 | KDE Konqueror WebKit CSS attr Function Uninitialized Pointer Issue Arbitrary ... |
55416 | KDE Konqueror WebKit head HTML Tag Handling DoS |
55414 | KDE Konqueror WebKit DOM Error Event Recursion Handling Memory Corruption |
55242 | Apple iPhone / iPod Touch WebKit HTMLSelectElement Object Handling Memory Con... |
55042 | Google Chrome WebKit HTML Error Handling Use After Free Memory Corruption |
55023 | Apple Safari WebKit Web Inspector HTML Attribute Handling XSS |
55022 | Apple Safari WebKit Arbitrary Local Java Applet Access |
55015 | Apple Safari WebKit Attr DOM Object Handling Arbitrary Code Execution |
55014 | Apple Safari WebKit Transparent Custom Cursor / CSS3 Hotspot Browser UI Eleme... |
55006 | Apple iPhone / Safari WebKit CSS attr() Function Uninitialized Pointer Issue ... |
55005 | Apple Safari WebKit Canvas Redirect Cross-site Image Disclosure |
55004 | Apple Safari WebKit Crafted Canvas SVG Cross-site Image Capture |
54992 | Apple Safari WebKit XMLHttpRequest Header Handling CRLF Injection |
54991 | Apple Safari WebKit Page Transition Frame Content Access XSS |
54990 | Apple Safari WebKit DOM Error Event Recursion Handling Memory Corruption |
54987 | Apple Safari WebKit JavaScript Context Splitting Event Handler Subsequent Fra... |
54985 | Apple Safari WebKit JavaScript Garbage Collector Allocation Failure NULL Poin... |
54981 | Apple Safari WebKit Same-origin Policy Bypass Subframe Positioning Clickjacking |
54500 | Google Chrome WebKit SVGList Object Handling Memory Corruption |
54455 | Apple Safari WebKit SVGList Object Handling Memory Corruption |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libwebkit-110104.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1128.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2009-1127.nasl - Type : ACT_GATHER_INFO |
2013-03-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-823-1.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdelibs_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdelibs_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20090625_kdegraphics_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libwebkit-110111.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdelibs4-101103.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdelibs3-101104.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_kdegraphics3-101104.nasl - Type : ACT_GATHER_INFO |
2010-12-10 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdegraphics3-7235.nasl - Type : ACT_GATHER_INFO |
2010-12-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_kdelibs3-7217.nasl - Type : ACT_GATHER_INFO |
2010-12-09 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_kdelibs3-101103.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-028.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-027.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1866.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1867.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1868.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1950.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1988.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1130.nasl - Type : ACT_GATHER_INFO |
2010-01-06 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1127.nasl - Type : ACT_GATHER_INFO |
2009-12-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-346.nasl - Type : ACT_GATHER_INFO |
2009-11-11 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-857-1.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-836-1.nasl - Type : ACT_GATHER_INFO |
2009-08-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-822-1.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8802.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8800.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8020.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8039.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8046.nasl - Type : ACT_GATHER_INFO |
2009-07-29 | Name : The remote Fedora host is missing a security update. File : fedora_2009-8049.nasl - Type : ACT_GATHER_INFO |
2009-07-17 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_37.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6166.nasl - Type : ACT_GATHER_INFO |
2009-07-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4_0_2.nasl - Type : ACT_GATHER_INFO |
2009-07-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0_2.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1130.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1128.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1127.nasl - Type : ACT_GATHER_INFO |
2009-06-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2009-1128.nasl - Type : ACT_GATHER_INFO |
2009-06-11 | Name : The remote host contains a web browser that is affected by multiple vulnerabi... File : google_chrome_2_0_172_31.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_4.0.nasl - Type : ACT_GATHER_INFO |
2009-06-09 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : macosx_Safari4_0.nasl - Type : ACT_GATHER_INFO |
2009-05-15 | Name : The remote host contains a web browser that is affected by a remote code exec... File : google_chrome_1_0_154_65.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_3_2_3.nasl - Type : ACT_GATHER_INFO |
2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:29:04 | |