Executive Summary
| Summary | |
|---|---|
| Title | Updated Qt4 packages fix vulnerability in QSslSocket |
| Informations | |||
|---|---|---|---|
| Name | MDVSA-2008:042 | First vendor Publication | 2008-02-07 |
| Vendor | Mandriva | Last vendor Modification | 2008-02-07 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 4.3 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A potential vulnerability was discovered in Qt4 version 4.3.0 through 4.3.2 which may cause a certificate verification in SSL connections not to be performed. As a result, code that uses QSslSocket could be tricked into thinking that the certificate was verified correctly when it actually failed in one or more criteria. The updated packages have been patched to correct this issue. |
Original Source
| Url : http://www.mandriva.com/security/advisories?name=MDVSA-2008:042 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:17573 | |||
| Oval ID: | oval:org.mitre.oval:def:17573 | ||
| Title: | USN-579-1 -- qt4-x11 vulnerability | ||
| Description: | It was discovered that QSslSocket did not properly verify SSL certificates. | ||
| Family: | unix | Class: | patch |
| Reference(s): | USN-579-1 CVE-2007-5965 | Version: | 7 |
| Platform(s): | Ubuntu 7.10 | Product(s): | qt4-x11 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for qt4 MDVSA-2008:042 (qt4) File : nvt/gb_mandriva_MDVSA_2008_042.nasl |
| 2009-03-23 | Name : Ubuntu Update for qt4-x11 vulnerability USN-579-1 File : nvt/gb_ubuntu_USN_579_1.nasl |
| 2009-02-24 | Name : Fedora Update for qt4 FEDORA-2007-4285 File : nvt/gb_fedora_2007_4285_qt4_fc8.nasl |
| 2009-02-24 | Name : Fedora Update for qt4 FEDORA-2007-4354 File : nvt/gb_fedora_2007_4354_qt4_fc7.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 39863 | Qt QSslSocket Certificate Verification Bypass |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-042.nasl - Type : ACT_GATHER_INFO |
| 2008-02-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-579-1.nasl - Type : ACT_GATHER_INFO |
| 2008-01-18 | Name : The remote openSUSE host is missing a security update. File : suse_libqt4-4790.nasl - Type : ACT_GATHER_INFO |
| 2008-01-04 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4285.nasl - Type : ACT_GATHER_INFO |
| 2008-01-04 | Name : The remote Fedora host is missing a security update. File : fedora_2007-4354.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:39:13 |
|
