Vulnerabilities > CVE-2007-0242 - Unspecified vulnerability in QT 3.3.8/4.2.3
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
qt
nessus
Summary
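The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. "Long" here means overlong (non-shortest-form) encodings: a character that has a shorter valid encoding is written with more bytes than necessary, so a filter that inspects the raw bytes does not see the metacharacter that the decoder later produces. The Nessus checks below are local package checks against distribution builds with backported fixes (for example qt3-3.3.5 on openSUSE 10.1 and qt4-4.2.1 on Scientific Linux 5), so the upstream version numbers in the title are not a reliable way to decide whether a given host is patched.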
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_QT3-3048.NASL description qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242). last seen 2020-06-01 modified 2020-06-02 plugin id 27413 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27413 title openSUSE 10 Security Update : qt3 (qt3-3048) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update qt3-3048.
#
# The text description of this plugin is (C) SUSE LLC.
#
# Purpose: local package check for the qt3-3048 update (CVE-2007-0242) on
# openSUSE 10.1 / 10.2. It reads host facts from the knowledge base and reports
# when at least one rpm_check() call below returns true.
# rpm_check() comes from rpm.inc (not shown); presumably it is true when the
# installed package is older than the given reference - confirm there.

include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(27413);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:30");

  script_cve_id("CVE-2007-0242");

  script_name(english:"openSUSE 10 Security Update : qt3 (qt3-3048)");
  script_summary(english:"Check for the qt3-3048 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems unter certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242)."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt3 packages.");
  # CVSSv2: network vector, medium complexity, no authentication,
  # partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-devel-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
# SLED / SLES releases are treated as "not openSUSE".
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

# One check per package and release; flag counts the checks that returned true.
# The 32bit compatibility packages are only checked with cpu:"x86_64".
flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"qt3-3.3.5-58.15.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"qt3-devel-3.3.5-58.15.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", reference:"qt3-static-3.3.5-58.14.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"qt3-32bit-3.3.5-58.15.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"qt3-devel-32bit-3.3.5-58.15.3") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"qt3-3.3.7-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"qt3-devel-3.3.7-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", reference:"qt3-static-3.3.7-15") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"qt3-32bit-3.3.7-14") ) flag++;
if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"qt3-devel-32bit-3.3.7-14") ) flag++;

if (flag)
{
  # Package details are attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  # Distinguish "packages were examined and passed" from "none installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static");
}
NASL family Scientific Linux Local Security Checks NASL id SL_20110921_QT4_ON_SL5_X.NASL description Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 61140 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/61140 title Scientific Linux Security Update : qt4 on SL5.x i386/x86_64 code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
# Purpose: local package check for the qt4 update on Scientific Linux 5
# (CVE-2007-0242, CVE-2011-3193). It reads host facts from the knowledge base
# and reports when at least one rpm_check() call below returns true.
# rpm_check() comes from rpm.inc (not shown); presumably it is true when the
# installed package is older than the given reference - confirm there.
include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(61140);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:20");

  script_cve_id("CVE-2007-0242", "CVE-2011-3193");

  script_name(english:"Scientific Linux Security Update : qt4 on SL5.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect."
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=2708
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?900cbdd8"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSSv2: network vector, medium complexity, no authentication, complete
  # C/I/A impact. NOTE(review): one vector is declared for two CVEs; presumably
  # it reflects the harfbuzz overflow (CVE-2011-3193) - do not read it as the
  # score of CVE-2007-0242 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/09/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string is read from the Host/RedHat/* keys and must contain
# "Scientific Linux " (>!< is NASL's negated substring test).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# One check per package; flag counts the checks that returned true.
# The reference versions (4.2.1-1.el5_7.1) are distribution builds carrying
# backported patches, per the description text above.
flag = 0;
if (rpm_check(release:"SL5", reference:"qt4-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-debuginfo-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-devel-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-doc-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-mysql-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-odbc-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-postgresql-4.2.1-1.el5_7.1")) flag++;
if (rpm_check(release:"SL5", reference:"qt4-sqlite-4.2.1-1.el5_7.1")) flag++;

if (flag)
{
  # Package details are attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Scientific Linux Local Security Checks NASL id SL_20071008_KDELIBS_ON_SL5_X.NASL description Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user last seen 2020-06-01 modified 2020-06-02 plugin id 60263 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60263 title Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64 code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
# Purpose: local package check for the kdelibs update on Scientific Linux 4 / 5.
# It reads host facts from the knowledge base and reports when at least one
# rpm_check() call below returns true.
# rpm_check() comes from rpm.inc (not shown); presumably it is true when the
# installed package is older than the given reference - confirm there.
include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(60263);
  script_version("1.5");
  script_cvs_date("Date: 2019/10/25 13:36:17");

  # Six CVEs share this one plugin, so a finding does not say which of them
  # applies to the installed kdelibs build.
  script_cve_id("CVE-2007-0242", "CVE-2007-0537", "CVE-2007-1308", "CVE-2007-1564", "CVE-2007-3820", "CVE-2007-4224");

  script_name(english:"Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Scientific Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)"
  );
  # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0710&L=scientific-linux-errata&T=0&P=778
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7627dbff"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Update the affected kdelibs, kdelibs-apidocs and / or kdelibs-devel packages."
  );
  # CVSSv2: network vector, medium complexity, no authentication,
  # partial C/I/A impact. A single vector is declared for all six CVEs.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_cwe_id(59, 79, 399);
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/10/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Scientific Linux Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The release string is read from the Host/RedHat/* keys and must contain
# "Scientific Linux " (>!< is NASL's negated substring test).
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);

# One check per package and release; flag counts the checks that returned true.
flag = 0;
if (rpm_check(release:"SL4", reference:"kdelibs-3.3.1-9.el4")) flag++;
if (rpm_check(release:"SL4", reference:"kdelibs-devel-3.3.1-9.el4")) flag++;

if (rpm_check(release:"SL5", reference:"kdelibs-3.5.4-13.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kdelibs-apidocs-3.5.4-13.el5")) flag++;
if (rpm_check(release:"SL5", reference:"kdelibs-devel-3.5.4-13.el5")) flag++;

if (flag)
{
  # Package details are attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
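NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-076.NASL description A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24942 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24942 title Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2007:076.
# The text itself is copyright (C) Mandriva S.A.
#
# Purpose: local package check for the kdelibs update MDKSA-2007:076
# (CVE-2007-0242, KJS UTF-8 decoder) on Mandriva Linux 2007.0. It reads host
# facts from the knowledge base and reports when at least one rpm_check() call
# below returns true.
# rpm_check() comes from rpm.inc (not shown); presumably it is true when the
# installed package is older than the given reference - confirm there.

include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(24942);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:49");

  script_cve_id("CVE-2007-0242");
  script_xref(name:"MDKSA", value:"2007:076");

  script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "A bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSSv2: network vector, medium complexity, no authentication,
  # partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Audit text spelling corrected ("Mandake" -> "Mandrake") so it matches the
# architecture audit message a few lines below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

# One check per package; flag counts the checks that returned true.
# lib64* packages are checked with cpu:"x86_64", lib* packages with cpu:"i386".
flag = 0;
if (rpm_check(release:"MDK2007.0", reference:"kdelibs-common-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"kdelibs-devel-doc-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-devel-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-devel-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;

if (flag)
{
  # Package details are attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");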
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0883.NASL description Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 26028 published 2007-09-14 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26028 title CentOS 3 / 4 / 5 : qt (CESA-2007:0883) code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0883 and
# CentOS Errata and Security Advisory 2007:0883 respectively.
#
# Purpose: local package check for the qt update CESA-2007:0883
# (CVE-2007-0242, CVE-2007-4137) on CentOS 3 / 4 / 5. It reads host facts from
# the knowledge base and reports when at least one rpm_check() call below
# returns true.
# rpm_check() comes from rpm.inc (not shown); presumably it is true when the
# installed package is older than the given reference - confirm there.

include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(26028);
  script_version("1.21");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2007-0242", "CVE-2007-4137");
  script_bugtraq_id(23269, 25657);
  script_xref(name:"RHSA", value:"2007:0883");

  script_name(english:"CentOS 3 / 4 / 5 : qt (CESA-2007:0883)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value: "Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014190.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?5f79cf04"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014191.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?dfa694ad"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014192.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?94ca4688"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014193.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cb2cbee7"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014194.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?ec2ad63b"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014195.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cdcf183a"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014235.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?60627ecc"
  );
  # https://lists.centos.org/pipermail/centos-announce/2007-September/014236.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?967ce360"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt packages.");
  # CVSSv2 base: network vector, low complexity, no authentication, partial
  # C/I/A impact. NOTE(review): one vector and one CWE (119) are declared for
  # two CVEs; presumably they reflect the buffer overflow (CVE-2007-4137) - do
  # not read them as the score of CVE-2007-0242 on its own.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-MySQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-ODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-PostgreSQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-designer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-devel-docs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
  script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown). Host/cpu is read below but not listed here;
  # the isnull(cpu) check covers its absence.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
# Extract the major version from the release string, then accept only 3, 4 or 5
# (the second pattern rejects e.g. "30" by requiring a non-digit or end next).
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

# One check per package and release; flag counts the checks that returned true.
flag = 0;
if (rpm_check(release:"CentOS-3", reference:"qt-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-MySQL-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-ODBC-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-PostgreSQL-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-config-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-designer-3.1.2-17.RHEL3")) flag++;
if (rpm_check(release:"CentOS-3", reference:"qt-devel-3.1.2-17.RHEL3")) flag++;

if (rpm_check(release:"CentOS-4", reference:"qt-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-MySQL-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-ODBC-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-PostgreSQL-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-config-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-designer-3.3.3-13.RHEL4")) flag++;
if (rpm_check(release:"CentOS-4", reference:"qt-devel-3.3.3-13.RHEL4")) flag++;

if (rpm_check(release:"CentOS-5", reference:"qt-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-MySQL-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-ODBC-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-PostgreSQL-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-config-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-designer-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-devel-3.3.6-23.el5")) flag++;
if (rpm_check(release:"CentOS-5", reference:"qt-devel-docs-3.3.6-23.el5")) flag++;

if (flag)
{
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Distinguish "packages were examined and passed" from "none installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt / qt-MySQL / qt-ODBC / qt-PostgreSQL / qt-config / qt-designer / etc");
}
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1292.NASL description Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters. last seen 2020-06-01 modified 2020-06-02 plugin id 25229 published 2007-05-16 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/25229 title Debian DSA-1292-1 : qt4-x11 - missing input validation code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1292. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
# Purpose: local package check for DSA-1292 (qt4-x11, CVE-2007-0242) on
# Debian 4.0. It reads host facts from the knowledge base and reports when at
# least one deb_check() call below returns true.
# deb_check() comes from debian_package.inc (not shown); presumably it is true
# when an installed package matching the prefix is older than the given
# reference - confirm there.

include("compat.inc");

# Registration pass: this branch only declares plugin metadata and then exits.
if (description)
{
  script_id(25229);
  script_version("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:20");

  script_cve_id("CVE-2007-0242");
  script_bugtraq_id(23269);
  script_xref(name:"DSA", value:"1292");

  script_name(english:"Debian DSA-1292-1 : qt4-x11 - missing input validation");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value: "Andreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417391"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2007/dsa-1292"
  );
  script_set_attribute(
    attribute:"solution",
    value: "Upgrade the qt4-x11 package. For the stable distribution (etch), this problem has been fixed in version 4.2.1-2etch1. For the testing and unstable distribution (lenny and sid, respectively), this problem has been fixed in version 4.2.2-2."
  );
  # CVSSv2 base: network vector, medium complexity, no authentication,
  # partial integrity impact only.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt4-x11");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # KB keys read further down; presumably populated by the declared dependency
  # ssh_get_info.nasl (not shown).
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

# Every precondition failure goes to audit() (audit.inc, not shown) instead of
# a finding, so "no finding" from this plugin does not by itself mean the host
# is patched: it may mean local checks were off or the host was out of scope.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

# One check per binary package; flag counts the checks that returned true.
# Only release "4.0" is checked, against the fixed version named in the
# solution text (4.2.1-2etch1); the 4.2.2-2 fix it mentions has no check here.
flag = 0;
if (deb_check(release:"4.0", prefix:"libqt4-core", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libqt4-debug", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libqt4-dev", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libqt4-gui", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libqt4-qt3support", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"libqt4-sql", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"qt4-designer", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"qt4-dev-tools", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"qt4-doc", reference:"4.2.1-2etch1")) flag++;
if (deb_check(release:"4.0", prefix:"qt4-qtconfig", reference:"4.2.1-2etch1")) flag++;

if (flag)
{
  # Package details are attached only when report_verbosity is above 0.
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0909.NASL description Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user last seen 2020-06-01 modified 2020-06-02 plugin id 26952 published 2007-10-09 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26952 title RHEL 4 / 5 : kdelibs (RHSA-2007:0909) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0909.NASL description From Red Hat Security Advisory 2007:0909 : Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. 
(CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user last seen 2020-06-01 modified 2020-06-02 plugin id 67574 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67574 title Oracle Linux 4 / 5 : kdelibs (ELSA-2007-0909) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0909.NASL description Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user last seen 2020-06-01 modified 2020-06-02 plugin id 26974 published 2007-10-12 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/26974 title CentOS 4 / 5 : kdelibs (CESA-2007:0909) NASL family SuSE Local Security Checks NASL id SUSE_QT-3047.NASL description qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror. 
(CVE-2007-0242) last seen 2020-06-01 modified 2020-06-02 plugin id 29562 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29562 title SuSE 10 Security Update : Qt (ZYPP Patch Number 3047) NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2007-093-03.NASL description New qt packages are available for Slackware 10.2, 11.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24918 published 2007-04-05 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24918 title Slackware 10.2 / 11.0 / current : qt (SSA:2007-093-03) NASL family SuSE Local Security Checks NASL id SUSE_LIBQT4-3056.NASL description qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242). last seen 2020-06-01 modified 2020-06-02 plugin id 27332 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27332 title openSUSE 10 Security Update : libqt4 (libqt4-3056) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0883.NASL description From Red Hat Security Advisory 2007:0883 : Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. 
This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 67568 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67568 title Oracle Linux 3 / 4 / 5 : qt (ELSA-2007-0883) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-074.NASL description Andreas Nolden discovered a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause last seen 2020-06-01 modified 2020-06-02 plugin id 37804 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37804 title Mandrake Linux Security Advisory : qt3 (MDKSA-2007:074) NASL family Scientific Linux Local Security Checks NASL id SL_20070913_QT_ON_SL5_X.NASL description A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. 
(CVE-2007-4137) last seen 2020-06-01 modified 2020-06-02 plugin id 60250 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60250 title Scientific Linux Security Update : qt on SL5.x, SL4.x, SL3.x i386/x86_64 NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2011-1324.NASL description From Red Hat Security Advisory 2011:1324 : Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. 
last seen 2020-06-01 modified 2020-06-02 plugin id 68354 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68354 title Oracle Linux 5 : qt4 (ELSA-2011-1324) NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2007-075.NASL description Andreas Nolden discovered a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause last seen 2020-06-01 modified 2020-06-02 plugin id 37324 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/37324 title Mandrake Linux Security Advisory : qt4 (MDKSA-2007:075-1) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0883.NASL description Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 26051 published 2007-09-14 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/26051 title RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2011-1324.NASL description Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 56248 published 2011-09-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/56248 title CentOS 5 : qt4 (CESA-2011:1324) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2011-1324.NASL description Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 56251 published 2011-09-22 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/56251 title RHEL 5 : qt4 (RHSA-2011:1324) NASL family SuSE Local Security Checks NASL id SUSE_QT3-3052.NASL description qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror. (CVE-2007-0242) last seen 2020-06-01 modified 2020-06-02 plugin id 29564 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29564 title SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-452-1.NASL description The Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. If a Konqueror user were tricked into visiting a website containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 28049 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. 
source https://www.tenable.com/plugins/nessus/28049 title Ubuntu 5.10 / 6.06 LTS / 6.10 : kdelibs, qt-x11-free vulnerability (USN-452-1) NASL family Fedora Local Security Checks NASL id FEDORA_2007-703.NASL description - Mon Sep 17 2007 Than Ngo <than at redhat.com> - 1:3.3.8-2.fc6 - bz292951, CVE-2007-4137 - Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-1.fc6.1 - CVE-2007-3388 qt format string flaw - bz#234635, CVE-2007-0242 qt UTF8 improper character expansion Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 26083 published 2007-09-24 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/26083 title Fedora Core 6 : qt-3.3.8-2.fc6 (2007-703) NASL family SuSE Local Security Checks NASL id SUSE_QT-3050.NASL description qt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242). last seen 2020-06-01 modified 2020-06-02 plugin id 27411 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27411 title openSUSE 10 Security Update : qt (qt-3050)
Oval
accepted | 2013-04-29T04:14:31.060-04:00
class | vulnerability
contributors |
definition_extensions |
description | The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
family | unix
id | oval:org.mitre.oval:def:11510
status | accepted
submitted | 2010-07-09T03:56:16-04:00
title | The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
version | 28
Redhat
advisories |
| ||||||||||||
rpms |
|
References
- http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
- http://www.securityfocus.com/bid/23269
- http://secunia.com/advisories/24727
- http://secunia.com/advisories/24699
- http://secunia.com/advisories/24705
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
- http://www.ubuntu.com/usn/usn-452-1
- http://secunia.com/advisories/24726
- http://secunia.com/advisories/24847
- http://support.novell.com/techcenter/psdb/39ea4b325a7da742cb8b6995fa585b14.html
- http://support.novell.com/techcenter/psdb/fc79b7f48d739f9c803a24ddad933384.html
- http://www.novell.com/linux/security/advisories/2007_6_sr.html
- http://secunia.com/advisories/24797
- http://secunia.com/advisories/24889
- https://issues.rpath.com/browse/RPL-1202
- http://secunia.com/advisories/24759
- http://www.debian.org/security/2007/dsa-1292
- http://secunia.com/advisories/25263
- http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
- http://fedoranews.org/updates/FEDORA-2007-703.shtml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
- http://www.redhat.com/support/errata/RHSA-2007-0909.html
- http://www.redhat.com/support/errata/RHSA-2007-0883.html
- ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
- http://secunia.com/advisories/26857
- http://secunia.com/advisories/26804
- http://secunia.com/advisories/27108
- http://secunia.com/advisories/27275
- http://www.vupen.com/english/advisories/2007/1212
- http://secunia.com/advisories/46117
- http://rhn.redhat.com/errata/RHSA-2011-1324.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33397
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11510
- http://www.nabble.com/Bug-417390:-CVE-2007-0242%2C--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.html