Vulnerabilities > CVE-2007-0242 - Unspecified vulnerability in QT 3.3.8/4.2.3

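CVSS 0.0 - NONE (every metric below is UNKNOWN, so this appears to be an unset score rather than an assessed one; the Nessus plugins listed on this page carry their own CVSS2 base vectors)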
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
qt
nessus

Summary

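The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject overlong (non-shortest-form) UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via overlong sequences that decode to dangerous metacharacters. An input check that inspects the raw bytes before decoding does not see those metacharacters, so the check is bypassed unless it runs on the decoded text or the decoder rejects such sequences.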

Vulnerable Configurations

Part Description Count
Application
Qt
2

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_QT3-3048.NASL
    descriptionqt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).
    last seen2020-06-01
    modified2020-06-02
    plugin id27413
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27413
    titleopenSUSE 10 Security Update : qt3 (qt3-3048)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update qt3-3048.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    # Local package-version check for the openSUSE qt3-3048 update (CVE-2007-0242).
    # It compares the host's collected RPM list against the references passed to
    # rpm_check() below. It does not exercise the UTF-8 decoder, and software that
    # carries its own copy of Qt outside these RPMs is not examined.
    #
    # Metadata block: runs only when `description` is set, declares the plugin's
    # attributes and leaves through exit(0) before any knowledge-base item is read.
    if (description)
    {
      script_id(27413);
      script_version ("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:30");
    
      script_cve_id("CVE-2007-0242");
    
      script_name(english:"openSUSE 10 Security Update : qt3 (qt3-3048)");
      script_summary(english:"Check for the qt3-3048 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "qt wrongly accepts overly long UTF-8 sequences due to a bug in the
    UTF-8 decoder. This may lead to security problems unter certain
    circumstances. The bug for example allows for script tag injection in
    konqueror (CVE-2007-0242)."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qt3 packages.");
      # CVSS2 base vector: network access, medium complexity, no authentication,
      # partial integrity impact, no confidentiality or availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      # "local" plugin type: the result comes from data collected on the host,
      # not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-devel-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:qt3-static");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      # The Host/* keys required here are presumably populated by
      # ssh_get_info.nasl - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Precondition guards. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason - confirm there.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    # Releases starting with SLED or SLES are rejected as not openSUSE.
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    # Only the exact release strings SUSE10.1 and SUSE10.2 are in scope.
    if (release !~ "^(SUSE10\.1|SUSE10\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1 / 10.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    # Counts the rpm_check() calls that return true; any non-zero count is reported.
    flag = 0;
    
    # rpm_check() is defined in rpm.inc (not shown); presumably it returns true
    # when the named package is installed in a build older than `reference`.
    # The -32bit packages are checked with cpu:"x86_64" only.
    # NOTE(review): the qt3-static references (58.14.3, 3.3.7-15) differ from the
    # other packages of the same release - presumably the vendor's build numbers,
    # confirm against the advisory.
    if ( rpm_check(release:"SUSE10.1", reference:"qt3-3.3.5-58.15.3") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"qt3-devel-3.3.5-58.15.3") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"qt3-static-3.3.5-58.14.3") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"qt3-32bit-3.3.5-58.15.3") ) flag++;
    if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"qt3-devel-32bit-3.3.5-58.15.3") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"qt3-3.3.7-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"qt3-devel-3.3.7-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", reference:"qt3-static-3.3.7-15") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"qt3-32bit-3.3.7-14") ) flag++;
    if ( rpm_check(release:"SUSE10.2", cpu:"x86_64", reference:"qt3-devel-32bit-3.3.7-14") ) flag++;
    
    if (flag)
    {
      # Reported on port 0; the per-package detail from rpm_report_get() is
      # attached only when report_verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # pkg_tests_get() decides which audit reason is given: packages that were
      # tested and found not affected, or none of the listed packages installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt3 / qt3-32bit / qt3-devel / qt3-devel-32bit / qt3-static");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20110921_QT4_ON_SL5_X.NASL
    descriptionQt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id61140
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61140
    titleScientific Linux Security Update : qt4 on SL5.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Local package-version check for the Scientific Linux 5 qt4 update covering
    # CVE-2007-0242 and CVE-2011-3193. Both CVEs are tied to the same package
    # references, so a finding does not say which of the two applies. Only the
    # collected RPM list is compared; no Qt code is exercised.
    #
    # Metadata block: runs only when `description` is set and leaves through
    # exit(0) before any knowledge-base item is read.
    if (description)
    {
      script_id(61140);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:20");
    
      script_cve_id("CVE-2007-0242", "CVE-2011-3193");
    
      script_name(english:"Scientific Linux Security Update : qt4 on SL5.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Qt 4 is a software toolkit that simplifies the task of writing and
    maintaining GUI (Graphical User Interface) applications for the X
    Window System. HarfBuzz is an OpenType text shaping engine.
    
    A flaw in the way Qt 4 expanded certain UTF-8 characters could be used
    to prevent a Qt 4 based application from properly sanitizing user
    input. Depending on the application, this could allow an attacker to
    perform directory traversal, or for web applications, a cross-site
    scripting (XSS) attack. (CVE-2007-0242)
    
    A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a
    user loaded a specially crafted font file with an application linked
    against Qt 4, it could cause the application to crash or, possibly,
    execute arbitrary code with the privileges of the user running the
    application. (CVE-2011-3193)
    
    Users of Qt 4 should upgrade to these updated packages, which contain
    backported patches to correct these issues. All running applications
    linked against Qt 4 libraries must be restarted for this update to
    take effect."
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1109&L=scientific-linux-errata&T=0&P=2708
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?900cbdd8"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS2 base vector with complete C/I/A impact. NOTE(review): presumably
      # this rates the bundled buffer overflow (CVE-2011-3193) rather than the
      # UTF-8 decoding flaw on its own - confirm before using it to rank
      # CVE-2007-0242.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/09/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # The Host/* keys required here are presumably populated by
      # ssh_get_info.nasl - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Precondition guards. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason - confirm there.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string is read from the RedHat key and must contain
    # "Scientific Linux ".
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # NOTE(review): `cpu` is the left operand of >!< here, so the test is whether
    # cpu occurs inside "x86_64", not the reverse - confirm this is intended.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # Counts the rpm_check() calls that return true. rpm_check() is defined in
    # rpm.inc (not shown); presumably it returns true when the named package is
    # installed in a build older than `reference`.
    flag = 0;
    if (rpm_check(release:"SL5", reference:"qt4-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-debuginfo-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-devel-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-doc-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-mysql-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-odbc-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-postgresql-4.2.1-1.el5_7.1")) flag++;
    if (rpm_check(release:"SL5", reference:"qt4-sqlite-4.2.1-1.el5_7.1")) flag++;
    
    
    # A clean result reflects installed package versions only. The description
    # above states that running applications must be restarted for the update to
    # take effect, which this check does not look at.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20071008_KDELIBS_ON_SL5_X.NASL
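    descriptionTwo cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1564) Two Konqueror address spoofing flaws have been discovered. It was possible for a malicious website to cause the Konqueror address bar to display information which could trick a user into believing they are at a different website than they actually are. (CVE-2007-3820, CVE-2007-4224)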
    last seen2020-06-01
    modified2020-06-02
    plugin id60263
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60263
    titleScientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text is (C) Scientific Linux.
    #
    
    include("compat.inc");
    
    # Local package-version check for the Scientific Linux kdelibs update on
    # SL4 and SL5. Six CVEs are tied to one set of kdelibs references, so a
    # finding does not say which of them applies. Only kdelibs packages are
    # compared; Qt packages are not checked by this script.
    #
    # Metadata block: runs only when `description` is set and leaves through
    # exit(0) before any knowledge-base item is read.
    if (description)
    {
      script_id(60263);
      script_version("1.5");
      script_cvs_date("Date: 2019/10/25 13:36:17");
    
      script_cve_id("CVE-2007-0242", "CVE-2007-0537", "CVE-2007-1308", "CVE-2007-1564", "CVE-2007-3820", "CVE-2007-4224");
    
      script_name(english:"Scientific Linux Security Update : kdelibs on SL5.x, SL4.x i386/x86_64");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Scientific Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two cross-site-scripting flaws were found in the way Konqueror
    processes certain HTML content. This could result in a malicious
    attacker presenting misleading content to an unsuspecting user.
    (CVE-2007-0242, CVE-2007-0537)
    
    A flaw was found in KDE JavaScript implementation. A web page
    containing malicious JavaScript code could cause Konqueror to crash.
    (CVE-2007-1308)
    
    A flaw was found in the way Konqueror handled certain FTP PASV
    commands. A malicious FTP server could use this flaw to perform a
    rudimentary port-scan of machines behind a user's firewall.
    (CVE-2007-1564)
    
    Two Konqueror address spoofing flaws have been discovered. It was
    possible for a malicious website to cause the Konqueror address bar to
    display information which could trick a user into believing they are
    at a different website than they actually are. (CVE-2007-3820,
    CVE-2007-4224)"
      );
      # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0710&L=scientific-linux-errata&T=0&P=778
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7627dbff"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected kdelibs, kdelibs-apidocs and / or kdelibs-devel
    packages."
      );
      # One CVSS2 base vector (partial C/I/A) is declared for the whole bundle of
      # CVEs; it is not a per-CVE rating.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      # CWE-59 (link following), CWE-79 (cross-site scripting) and CWE-399
      # (resource management errors) are listed for the bundle; the script does
      # not map them to individual CVEs.
      script_cwe_id(59, 79, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/10/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Scientific Linux Local Security Checks");
    
      # The Host/* keys required here are presumably populated by
      # ssh_get_info.nasl - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Precondition guards. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason - confirm there.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The release string is read from the RedHat key and must contain
    # "Scientific Linux ".
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # NOTE(review): `cpu` is the left operand of >!< here, so the test is whether
    # cpu occurs inside "x86_64", not the reverse - confirm this is intended.
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
    
    
    # Counts the rpm_check() calls that return true. rpm_check() is defined in
    # rpm.inc (not shown); presumably it returns true when the named package is
    # installed in a build older than `reference`.
    flag = 0;
    # kdelibs-apidocs is checked for SL5 only.
    if (rpm_check(release:"SL4", reference:"kdelibs-3.3.1-9.el4")) flag++;
    if (rpm_check(release:"SL4", reference:"kdelibs-devel-3.3.1-9.el4")) flag++;
    
    if (rpm_check(release:"SL5", reference:"kdelibs-3.5.4-13.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kdelibs-apidocs-3.5.4-13.el5")) flag++;
    if (rpm_check(release:"SL5", reference:"kdelibs-devel-3.5.4-13.el5")) flag++;
    
    
    if (flag)
    {
      # Reported on port 0; the per-package detail from rpm_report_get() is
      # attached only when report_verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-076.NASL
    descriptionA bug was discovered in KJS where UTF8 decoding did not reject overlong sequences. This vulnerability is similar to that discovered by Andreas Nolden in QT3 and QT4, but at this current time there is no known exploit for this issue. Updated packages have been patched to address this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24942
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24942
    titleMandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2007:076. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
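    # Local package-version check for Mandrake Linux advisory MDKSA-2007:076.
    # The advisory text describes an overlong-UTF-8 decoding bug in KJS that is
    # similar to the Qt one, and the references below are kdelibs builds only:
    # a clean result here says nothing about the Qt packages themselves.
    #
    # Metadata block: runs only when `description` is set and leaves through
    # exit(0) before any knowledge-base item is read.
    if (description)
    {
      script_id(24942);
      script_version ("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:49");
    
      script_cve_id("CVE-2007-0242");
      script_xref(name:"MDKSA", value:"2007:076");
    
      script_name(english:"Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:076)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A bug was discovered in KJS where UTF8 decoding did not reject
    overlong sequences. This vulnerability is similar to that discovered
    by Andreas Nolden in QT3 and QT4, but at this current time there is no
    known exploit for this issue.
    
    Updated packages have been patched to address this issue."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS2 base vector: network access, medium complexity, no authentication,
      # partial integrity impact, no confidentiality or availability impact.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdelibs-devel-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdecore4-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/05");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The Host/* keys required here are presumably populated by
      # ssh_get_info.nasl - confirm against that plugin.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Precondition guards. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason - confirm there.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # The OS name in this audit message is spelled the same way as in the
    # architecture guard below, so both reasons match one search string.
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Counts the rpm_check() calls that return true. rpm_check() is defined in
    # rpm.inc (not shown); presumably it returns true when the named package is
    # installed in a build older than `reference`. The cpu: and yank: arguments
    # are passed through as written; their exact handling lives in rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK2007.0", reference:"kdelibs-common-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", reference:"kdelibs-devel-doc-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    # The lib64* packages are checked for x86_64 only, the lib* ones for i386 only.
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"x86_64", reference:"lib64kdecore4-devel-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    if (rpm_check(release:"MDK2007.0", cpu:"i386", reference:"libkdecore4-devel-3.5.4-19.5mdv2007.0", yank:"mdv")) flag++;
    
    
    if (flag)
    {
      # Reported on port 0; the per-package detail from rpm_report_get() is
      # attached only when report_verbosity is above zero.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");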
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0883.NASL
    descriptionUpdated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26028
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26028
    titleCentOS 3 / 4 / 5 : qt (CESA-2007:0883)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0883 and 
    # CentOS Errata and Security Advisory 2007:0883 respectively.
    #
    
    include("compat.inc");
    
    # Local package-version check for CentOS 3 / 4 / 5 qt update CESA-2007:0883,
    # covering CVE-2007-0242 and CVE-2007-4137. Both CVEs are tied to the same
    # package references, so a finding does not say which of the two applies.
    # Only the collected RPM list is compared; no Qt code is exercised.
    #
    # Metadata block: runs only when `description` is set and leaves through
    # exit(0) before any knowledge-base item is read.
    if (description)
    {
      script_id(26028);
      script_version("1.21");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2007-0242", "CVE-2007-4137");
      script_bugtraq_id(23269, 25657);
      script_xref(name:"RHSA", value:"2007:0883");
    
      script_name(english:"CentOS 3 / 4 / 5 : qt (CESA-2007:0883)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated qt packages that correct two security flaws are now available.
    
    This update has been rated as having important security impact by the
    Red Hat Security Response Team.
    
    Qt is a software toolkit that simplifies the task of writing and
    maintaining GUI (Graphical User Interface) applications for the X
    Window System.
    
    A flaw was found in the way Qt expanded certain UTF8 characters. It
    was possible to prevent a Qt-based application from properly
    sanitizing user-supplied input. This could, for example, result in a
    cross-site scripting attack against the Konqueror web browser.
    (CVE-2007-0242)
    
    A buffer overflow flaw was found in the way Qt expanded malformed
    Unicode strings. If an application linked against Qt parsed a
    malicious Unicode string, it could lead to a denial of service or
    possibly allow the execution of arbitrary code. (CVE-2007-4137)
    
    Users of Qt should upgrade to these updated packages, which contain a
    backported patch to correct these issues."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014190.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5f79cf04"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014191.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dfa694ad"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014192.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?94ca4688"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014193.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cb2cbee7"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014194.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ec2ad63b"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014195.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?cdcf183a"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014235.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?60627ecc"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-September/014236.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?967ce360"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected qt packages.");
      # One CVSS2 base vector (low complexity, partial C/I/A) is declared for
      # both CVEs. NOTE(review): presumably it rates the buffer overflow
      # (CVE-2007-4137) rather than the UTF-8 flaw on its own - confirm.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploitability unproven, official fix available,
      # report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE-119 (memory buffer bounds) is the only CWE listed; the script does
      # not say which CVE it belongs to.
      script_cwe_id(119);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-MySQL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-ODBC");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-PostgreSQL");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-config");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:qt-devel-docs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      # NOTE(review): "Host/cpu" is read further down but is not among the
      # required keys; the isnull(cpu) guard below handles a missing value.
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Precondition guards. audit() comes from audit.inc (not shown) and is
    # expected to end the script with the given reason - confirm there.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Extract the major version from the release string, then accept 3, 4 or 5
    # only when no further digit follows.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x / 5.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Accepted when cpu contains "x86_64" or "ia64", or is i386 through i686.
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Counts the rpm_check() calls that return true. rpm_check() is defined in
    # rpm.inc (not shown); presumably it returns true when the named package is
    # installed in a build older than `reference`.
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"qt-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-MySQL-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-ODBC-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-PostgreSQL-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-config-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-designer-3.1.2-17.RHEL3")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"qt-devel-3.1.2-17.RHEL3")) flag++;
    
    if (rpm_check(release:"CentOS-4", reference:"qt-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-MySQL-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-ODBC-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-PostgreSQL-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-config-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-designer-3.3.3-13.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"qt-devel-3.3.3-13.RHEL4")) flag++;
    
    # qt-devel-docs is checked for CentOS-5 only.
    if (rpm_check(release:"CentOS-5", reference:"qt-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-MySQL-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-ODBC-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-PostgreSQL-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-config-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-designer-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-devel-3.3.6-23.el5")) flag++;
    if (rpm_check(release:"CentOS-5", reference:"qt-devel-docs-3.3.6-23.el5")) flag++;
    
    
    if (flag)
    {
      # Reported on port 0 at SECURITY_HOLE severity, always with the
      # per-package detail from rpm_report_get().
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # pkg_tests_get() decides which audit reason is given: packages that were
      # tested and found not affected, or none of the listed packages installed.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt / qt-MySQL / qt-ODBC / qt-PostgreSQL / qt-config / qt-designer / etc");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1292.NASL
    descriptionAndreas Nolden discovered a bug in the UTF8 decoding routines in qt4-x11, a C++ GUI library framework, that could allow remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
    last seen2020-06-01
    modified2020-06-02
    plugin id25229
    published2007-05-16
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25229
    titleDebian DSA-1292-1 : qt4-x11 - missing input validation
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1292. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration block: taken only when `description` is set. It declares the
    # plugin's metadata and requirements, then exits without running any check.
    if (description)
    {
      script_id(25229);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      # Identifiers tying this plugin to the advisory: CVE, Bugtraq ID and DSA number.
      script_cve_id("CVE-2007-0242");
      script_bugtraq_id(23269);
      script_xref(name:"DSA", value:"1292");
    
      script_name(english:"Debian DSA-1292-1 : qt4-x11 - missing input validation");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Andreas Nolden discovered a bug in the UTF8 decoding routines in
    qt4-x11, a C++ GUI library framework, that could allow remote
    attackers to conduct cross-site scripting (XSS) and directory
    traversal attacks via long sequences that decode to dangerous
    metacharacters."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=417391"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2007/dsa-1292"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qt4-x11 package.
    
    For the stable distribution (etch), this problem has been fixed in
    version 4.2.1-2etch1.
    
    For the testing and unstable distribution (lenny and sid,
    respectively), this problem has been fixed in version 4.2.2-2."
      );
      # CVSS v2 base vector: network-reachable (AV:N), medium access complexity
      # (AC:M), no authentication (Au:N), partial integrity impact (I:P), no
      # confidentiality or availability impact. Temporal vector: exploitability
      # unproven (E:U), official fix available (RL:OF), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Declared as a "local" plugin: per the summary and the required KB keys
      # below, it evaluates package data collected from the host. The CPEs name
      # the qt4-x11 package and Debian 4.0 as the only OS release covered.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt4-x11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2007/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/05/16");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      # Declares ssh_get_info.nasl as a dependency and requires the KB entries for
      # local checks, the Debian release and the dpkg listing; the check section
      # reads the same three keys again before testing any package.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      # Metadata only: leave before the host check that follows this block.
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Preconditions, checked in order: local checks enabled, host identified as
    # Debian, and a dpkg package listing present in the KB. audit() is expected
    # to end the plugin with the given reason when a precondition is not met.
    if (!get_kb_item("Host/local_checks_enabled"))
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release"))
      audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l"))
      audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Fixed version for Debian 4.0 (etch) as given in the solution text. Only
    # release 4.0 is tested here; the 4.2.2-2 fix quoted for testing/unstable is
    # not evaluated by this plugin.
    fixed_version = "4.2.1-2etch1";
    qt4_packages = make_list(
      "libqt4-core",
      "libqt4-debug",
      "libqt4-dev",
      "libqt4-gui",
      "libqt4-qt3support",
      "libqt4-sql",
      "qt4-designer",
      "qt4-dev-tools",
      "qt4-doc",
      "qt4-qtconfig"
    );
    
    # Every package is tested, with no early exit on the first hit; flag counts
    # the deb_check() calls that returned true. The result reflects the package
    # versions recorded in the KB only.
    flag = 0;
    foreach pkg_prefix (qt4_packages)
    {
      if (deb_check(release:"4.0", prefix:pkg_prefix, reference:fixed_version)) flag++;
    }
    
    if (flag)
    {
      # Attach the per-package findings only when the scan's verbosity asks for them.
      if (report_verbosity > 0)
        security_warning(port:0, extra:deb_report_get());
      else
        security_warning(0);
      exit(0);
    }
    else
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0909.NASL
    descriptionUpdated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen2020-06-01
    modified2020-06-02
    plugin id26952
    published2007-10-09
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26952
    titleRHEL 4 / 5 : kdelibs (RHSA-2007:0909)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0909.NASL
    descriptionFrom Red Hat Security Advisory 2007:0909 : Updated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen2020-06-01
    modified2020-06-02
    plugin id67574
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67574
    titleOracle Linux 4 / 5 : kdelibs (ELSA-2007-0909)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0909.NASL
    descriptionUpdated kdelibs packages that resolve several security flaws are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Two cross-site-scripting flaws were found in the way Konqueror processes certain HTML content. This could result in a malicious attacker presenting misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537) A flaw was found in KDE JavaScript implementation. A web page containing malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308) A flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user
    last seen2020-06-01
    modified2020-06-02
    plugin id26974
    published2007-10-12
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26974
    titleCentOS 4 / 5 : kdelibs (CESA-2007:0909)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_QT-3047.NASL
    descriptionqt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror. (CVE-2007-0242)
    last seen2020-06-01
    modified2020-06-02
    plugin id29562
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29562
    titleSuSE 10 Security Update : Qt (ZYPP Patch Number 3047)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2007-093-03.NASL
    descriptionNew qt packages are available for Slackware 10.2, 11.0, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24918
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24918
    titleSlackware 10.2 / 11.0 / current : qt (SSA:2007-093-03)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBQT4-3056.NASL
    descriptionqt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).
    last seen2020-06-01
    modified2020-06-02
    plugin id27332
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27332
    titleopenSUSE 10 Security Update : libqt4 (libqt4-3056)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0883.NASL
    descriptionFrom Red Hat Security Advisory 2007:0883 : Updated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id67568
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67568
    titleOracle Linux 3 / 4 / 5 : qt (ELSA-2007-0883)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-074.NASL
    descriptionAndreas Nolden discovered a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause
    last seen2020-06-01
    modified2020-06-02
    plugin id37804
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37804
    titleMandrake Linux Security Advisory : qt3 (MDKSA-2007:074)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20070913_QT_ON_SL5_X.NASL
    descriptionA flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137)
    last seen2020-06-01
    modified2020-06-02
    plugin id60250
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60250
    titleScientific Linux Security Update : qt on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2011-1324.NASL
    descriptionFrom Red Hat Security Advisory 2011:1324 : Updated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id68354
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68354
    titleOracle Linux 5 : qt4 (ELSA-2011-1324)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2007-075.NASL
    descriptionAndreas Nolden discovered a bug in qt4, where the UTF8 decoder does not reject overlong sequences, which can cause
    last seen2020-06-01
    modified2020-06-02
    plugin id37324
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37324
    titleMandrake Linux Security Advisory : qt4 (MDKSA-2007:075-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0883.NASL
    descriptionUpdated qt packages that correct two security flaws are now available. This update has been rated as having important security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser. (CVE-2007-0242) A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26051
    published2007-09-14
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/26051
    titleRHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2011-1324.NASL
    descriptionUpdated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56248
    published2011-09-22
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56248
    titleCentOS 5 : qt4 (CESA-2011:1324)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2011-1324.NASL
    descriptionUpdated qt4 packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Qt 4 is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. HarfBuzz is an OpenType text shaping engine. A flaw in the way Qt 4 expanded certain UTF-8 characters could be used to prevent a Qt 4 based application from properly sanitizing user input. Depending on the application, this could allow an attacker to perform directory traversal, or for web applications, a cross-site scripting (XSS) attack. (CVE-2007-0242) A buffer overflow flaw was found in the harfbuzz module in Qt 4. If a user loaded a specially crafted font file with an application linked against Qt 4, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3193) Users of Qt 4 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications linked against Qt 4 libraries must be restarted for this update to take effect.
    last seen2020-06-01
    modified2020-06-02
    plugin id56251
    published2011-09-22
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/56251
    titleRHEL 5 : qt4 (RHSA-2011:1324)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_QT3-3052.NASL
    descriptionqt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror. (CVE-2007-0242)
    last seen2020-06-01
    modified2020-06-02
    plugin id29564
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29564
    titleSuSE 10 Security Update : Qt3 (ZYPP Patch Number 3052)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-452-1.NASL
    descriptionThe Qt library did not correctly handle truncated UTF8 strings, which could cause some applications to incorrectly filter malicious strings. If a Konqueror user were tricked into visiting a website containing specially crafted strings, normal XSS prevention could be bypassed allowing a remote attacker to steal confidential data. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id28049
    published2007-11-10
    reporterUbuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/28049
    titleUbuntu 5.10 / 6.06 LTS / 6.10 : kdelibs, qt-x11-free vulnerability (USN-452-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2007-703.NASL
    description - Mon Sep 17 2007 Than Ngo <than at redhat.com> - 1:3.3.8-2.fc6 - bz292951, CVE-2007-4137 - Wed Aug 29 2007 Than Ngo <than at redhat.com> - 1:3.3.8-1.fc6.1 - CVE-2007-3388 qt format string flaw - bz#234635, CVE-2007-0242 qt UTF8 improper character expansion Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id26083
    published2007-09-24
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/26083
    titleFedora Core 6 : qt-3.3.8-2.fc6 (2007-703)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_QT-3050.NASL
    descriptionqt wrongly accepts overly long UTF-8 sequences due to a bug in the UTF-8 decoder. This may lead to security problems under certain circumstances. The bug for example allows for script tag injection in konqueror (CVE-2007-0242).
    last seen2020-06-01
    modified2020-06-02
    plugin id27411
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27411
    titleopenSUSE 10 Security Update : qt (qt-3050)

Oval

accepted2013-04-29T04:14:31.060-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionThe UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
familyunix
idoval:org.mitre.oval:def:11510
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleThe UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
version28

Redhat

advisories
  • rhsa
    idRHSA-2007:0883
  • rhsa
    idRHSA-2007:0909
  • rhsa
    idRHSA-2011:1324
rpms
  • qt-1:2.3.1-14.EL2
  • qt-1:3.1.2-17.RHEL3
  • qt-1:3.3.3-13.RHEL4
  • qt-1:3.3.6-23.el5
  • qt-MySQL-1:3.1.2-17.RHEL3
  • qt-MySQL-1:3.3.3-13.RHEL4
  • qt-MySQL-1:3.3.6-23.el5
  • qt-ODBC-1:3.1.2-17.RHEL3
  • qt-ODBC-1:3.3.3-13.RHEL4
  • qt-ODBC-1:3.3.6-23.el5
  • qt-PostgreSQL-1:3.3.3-13.RHEL4
  • qt-PostgreSQL-1:3.3.6-23.el5
  • qt-Xt-1:2.3.1-14.EL2
  • qt-config-1:3.1.2-17.RHEL3
  • qt-config-1:3.3.3-13.RHEL4
  • qt-config-1:3.3.6-23.el5
  • qt-debuginfo-1:3.1.2-17.RHEL3
  • qt-debuginfo-1:3.3.3-13.RHEL4
  • qt-debuginfo-1:3.3.6-23.el5
  • qt-designer-1:2.3.1-14.EL2
  • qt-designer-1:3.1.2-17.RHEL3
  • qt-designer-1:3.3.3-13.RHEL4
  • qt-designer-1:3.3.6-23.el5
  • qt-devel-1:2.3.1-14.EL2
  • qt-devel-1:3.1.2-17.RHEL3
  • qt-devel-1:3.3.3-13.RHEL4
  • qt-devel-1:3.3.6-23.el5
  • qt-devel-docs-1:3.3.6-23.el5
  • qt-static-1:2.3.1-14.EL2
  • kdelibs-6:3.3.1-9.el4
  • kdelibs-6:3.5.4-13.el5
  • kdelibs-apidocs-6:3.5.4-13.el5
  • kdelibs-debuginfo-6:3.3.1-9.el4
  • kdelibs-debuginfo-6:3.5.4-13.el5
  • kdelibs-devel-6:3.3.1-9.el4
  • kdelibs-devel-6:3.5.4-13.el5
  • qt4-0:4.2.1-1.el5_7.1
  • qt4-debuginfo-0:4.2.1-1.el5_7.1
  • qt4-devel-0:4.2.1-1.el5_7.1
  • qt4-doc-0:4.2.1-1.el5_7.1
  • qt4-mysql-0:4.2.1-1.el5_7.1
  • qt4-odbc-0:4.2.1-1.el5_7.1
  • qt4-postgresql-0:4.2.1-1.el5_7.1
  • qt4-sqlite-0:4.2.1-1.el5_7.1

References