CVE-2009-1690 - Resource Management Errors vulnerability in multiple products

CVSS: 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, apple, google, CWE-399, critical, nessus

Summary

Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-857-1.NASL
    description: It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42467
    published: 2009-11-11
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42467
    title: Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-857-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42467);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725");
      script_bugtraq_id(34924, 35271, 35309, 35318);
      script_xref(name:"USN", value:"857-1");
    
      script_name(english:"Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that QtWebKit did not properly handle certain
    SVGPathList data structures. If a user were tricked into viewing a
    malicious website, an attacker could exploit this to execute arbitrary
    code with the privileges of the user invoking the program.
    (CVE-2009-0945)
    
    Several flaws were discovered in the QtWebKit browser and JavaScript
    engines. If a user were tricked into viewing a malicious website, a
    remote attacker could cause a denial of service or possibly execute
    arbitrary code with the privileges of the user invoking the program.
    (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711,
    CVE-2009-1725)
    
    It was discovered that QtWebKit did not properly handle certain XSL
    stylesheets. If a user were tricked into viewing a malicious website,
    an attacker could exploit this to read arbitrary local files, and
    possibly files from different security zones. (CVE-2009-1699,
    CVE-2009-1713)
    
    It was discovered that QtWebKit did not prevent the loading of local
    Java applets. If a user were tricked into viewing a malicious website,
    an attacker could exploit this to execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2009-1712).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/857-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 189, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-assistant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-help");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-qt3support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-script");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-scripttools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-psql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-svg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtcore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtgui4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qmake");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qtconfig");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-assistant", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-core", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbus", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-gui", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-help", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-network", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-qt3support", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-script", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-mysql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-odbc", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-psql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite2", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-svg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-test", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xml", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqtcore4", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqtgui4", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-demos", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-dev-tools", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc-html", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-qtconfig", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-assistant", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-core", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbus", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-gui", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-help", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-network", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-qt3support", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-script", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-scripttools", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-mysql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-odbc", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-psql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite2", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-svg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-test", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xml", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqtcore4", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqtgui4", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc-html", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-qmake", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-qtconfig", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libqt4-assistant / libqt4-core / libqt4-dbg / libqt4-dbus / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1988.NASL
    description: Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44852
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44852
    title: Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1988. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44852);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725", "CVE-2009-2700");
      script_bugtraq_id(34924, 35271, 35309, 35318);
      script_xref(name:"DSA", value:"1988");
    
      script_name(english:"Debian DSA-1988-1 : qt4-x11 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in qt4-x11, a
    cross-platform C++ application framework. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CVE-2009-0945
        Array index error in the insertItemBefore method in
        WebKit, as used in qt4-x11, allows remote attackers to
        execute arbitrary code.
    
      - CVE-2009-1687
        The JavaScript garbage collector in WebKit, as used in
        qt4-x11 does not properly handle allocation failures,
        which allows remote attackers to execute arbitrary code
        or cause a denial of service (memory corruption and
        application crash) via a crafted HTML document that
        triggers write access to an 'offset of a NULL pointer.
    
      - CVE-2009-1690
        Use-after-free vulnerability in WebKit, as used in
        qt4-x11, allows remote attackers to execute arbitrary
        code or cause a denial of service (memory corruption and
        application crash) by setting an unspecified property of
        an HTML tag that causes child elements to be freed and
        later accessed when an HTML error occurs.
    
      - CVE-2009-1698
        WebKit in qt4-x11 does not initialize a pointer during
        handling of a Cascading Style Sheets (CSS) attr function
        call with a large numerical argument, which allows
        remote attackers to execute arbitrary code or cause a
        denial of service (memory corruption and application
        crash) via a crafted HTML document.
    
      - CVE-2009-1699
        The XSL stylesheet implementation in WebKit, as used in
        qt4-x11 does not properly handle XML external entities,
        which allows remote attackers to read arbitrary files
        via a crafted DTD.
    
      - CVE-2009-1711
        WebKit in qt4-x11 does not properly initialize memory
        for Attr DOM objects, which allows remote attackers to
        execute arbitrary code or cause a denial of service
        (application crash) via a crafted HTML document.
    
      - CVE-2009-1712
        WebKit in qt4-x11 does not prevent remote loading of
        local Java applets, which allows remote attackers to
        execute arbitrary code, gain privileges, or obtain
        sensitive information via an APPLET or OBJECT element.
    
      - CVE-2009-1713
        The XSLT functionality in WebKit, as used in qt4-x11
        does not properly implement the document function, which
        allows remote attackers to read arbitrary local files
        and files from different security zones.
    
      - CVE-2009-1725
        WebKit in qt4-x11 does not properly handle numeric
        character references, which allows remote attackers to
        execute arbitrary code or cause a denial of service
        (memory corruption and application crash) via a crafted
        HTML document.
    
      - CVE-2009-2700
        qt4-x11 does not properly handle a '\0' character in a
        domain name in the Subject Alternative Name field of an
        X.509 certificate, which allows man-in-the-middle
        attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification
        Authority.
    
    The oldstable distribution (etch) is not affected by these problems."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-2700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2010/dsa-1988"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qt4-x11 packages.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4.4.3-1+lenny1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt4-x11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"libqt4-assistant", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-core", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dbus", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-designer", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dev", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-gui", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-help", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-network", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-opengl", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-opengl-dev", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-qt3support", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-script", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-ibase", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-mysql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-odbc", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-psql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite2", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-svg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-test", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-webkit", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-webkit-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xml", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqtcore4", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqtgui4", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-demos", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-designer", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-dev-tools", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-doc", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-doc-html", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-qmake", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-qtconfig", reference:"4.4.3-1+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1950.NASL
    descriptionSeveral vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
    last seen2020-06-01
    modified2020-06-02
    plugin id44815
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44815
    titleDebian DSA-1950-1 : webkit - several vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8039.NASL
    descriptionThis update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40412
    published2009-07-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40412
    titleFedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8020.NASL
    descriptionThis update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10
    last seen2020-06-01
    modified2020-06-02
    plugin id40411
    published2009-07-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40411
    titleFedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)
  • NASL familyWindows
    NASL idSAFARI_4.0.NASL
    descriptionThe version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39339
    published2009-06-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39339
    titleSafari < 4.0 Multiple Vulnerabilities
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-346.NASL
    descriptionMandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen2020-06-01
    modified2020-06-02
    plugin id43613
    published2009-12-30
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/43613
    titleMandriva Linux Security Advisory : kde (MDVSA-2009:346)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8049.NASL
    descriptionThis update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40414
    published2009-07-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40414
    titleFedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-027.NASL
    descriptionMultiple vulnerabilities were discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
    last seen2020-06-01
    modified2020-06-02
    plugin id48170
    published2010-07-30
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/48170
    titleMandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_KDELIBS3-101104.NASL
    descriptionThe following vulnerabilities in kdelibs3
    last seen2020-06-01
    modified2020-06-02
    plugin id53666
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53666
    titleopenSUSE Security Update : kdelibs3 (openSUSE-SU-2010:1034-1)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1127.NASL
    descriptionUpdated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS
    last seen2020-06-01
    modified2020-06-02
    plugin id43763
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43763
    titleCentOS 5 : kdelibs (CESA-2009:1127)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-822-1.NASL
    descriptionIt was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945) It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687) It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1690) It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40767
    published2009-08-25
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40767
    titleUbuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerabilities (USN-822-1)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1867.NASL
    descriptionSeveral security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
    last seen2020-06-01
    modified2020-06-02
    plugin id44732
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44732
    titleDebian DSA-1867-1 : kdelibs - several vulnerabilities
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1127.NASL
    descriptionFrom Red Hat Security Advisory 2009:1127 : Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS
    last seen2020-06-01
    modified2020-06-02
    plugin id67882
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67882
    titleOracle Linux 4 / 5 : kdelibs (ELSA-2009-1127)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8046.NASL
    descriptionThis update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40413
    published2009-07-29
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40413
    titleFedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1127.NASL
    descriptionUpdated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS
    last seen2020-06-01
    modified2020-06-02
    plugin id39529
    published2009-06-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39529
    titleRHEL 4 / 5 : kdelibs (RHSA-2009:1127)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1868.NASL
    descriptionSeveral security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. The oldstable distribution (etch) does not contain kde4libs.
    last seen2020-06-01
    modified2020-06-02
    plugin id44733
    published2010-02-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/44733
    titleDebian DSA-1868-1 : kde4libs - several vulnerabilities
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090625_KDELIBS_ON_SL4_X.NASL
    descriptionA flaw was found in the way the KDE CSS parser handled content for the CSS
    last seen2020-06-01
    modified2020-06-02
    plugin id60606
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60606
    titleScientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64
  • NASL familyWindows
    NASL idGOOGLE_CHROME_2_0_172_31.NASL
    descriptionThe version of Google Chrome installed on the remote host is earlier than 2.0.172.31. It thus is reportedly affected by multiple issues : - A memory corruption issue exists in the way the WebKit handles recursion in certain DOM event handlers. Successful exploitation of this issue could allow arbitrary code execution within the Google Chrome sandbox. (CVE-2009-1690) - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39356
    published2009-06-11
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39356
    titleGoogle Chrome < 2.0.172.31 WebKit Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-836-1.NASL
    descriptionIt was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id41606
    published2009-09-24
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/41606
    titleUbuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBWEBKIT-110111.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id53764
    published2011-05-05
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/53764
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SAFARI4_0.NASL
    descriptionThe version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit
    last seen2020-06-01
    modified2020-06-02
    plugin id39338
    published2009-06-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/39338
    titleMac OS X : Apple Safari < 4.0
  • NASL familySuSE Local Security Checks
    NASL idSUSE_KDELIBS3-7217.NASL
    descriptionAn invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id51089
    published2010-12-09
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51089
    titleSuSE 10 Security Update : kdelibs (ZYPP Patch Number 7217)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBWEBKIT-110104.NASL
    descriptionVarious bugs in webkit have been fixed. The CVE id
    last seen2020-06-01
    modified2020-06-02
    plugin id75629
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75629
    titleopenSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)

Oval

accepted2013-04-29T04:10:42.458-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
    ovaloval:org.mitre.oval:def:11414
  • commentThe operating system installed on the system is CentOS Linux 5.x
    ovaloval:org.mitre.oval:def:15802
  • commentOracle Linux 5.x
    ovaloval:org.mitre.oval:def:15459
descriptionUse-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
familyunix
idoval:org.mitre.oval:def:11009
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleUse-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
version27

Redhat

rpms
  • kdelibs-6:3.3.1-14.el4
  • kdelibs-6:3.5.4-22.el5_3
  • kdelibs-apidocs-6:3.5.4-22.el5_3
  • kdelibs-debuginfo-6:3.3.1-14.el4
  • kdelibs-debuginfo-6:3.5.4-22.el5_3
  • kdelibs-devel-6:3.3.1-14.el4
  • kdelibs-devel-6:3.5.4-22.el5_3

Seebug

bulletinFamilyexploit
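descriptionBUGTRAQ ID: 35260 CVE(CAN) ID: CVE-2009-1718,CVE-2009-1715,CVE-2009-1714,CVE-2009-1713,CVE-2009-1712,CVE-2009-1711,CVE-2009-1710,CVE-2009-1709,CVE-2009-1703,CVE-2009-1702,CVE-2009-1701,CVE-2009-1700,CVE-2009-1699,CVE-2009-1698,CVE-2009-1697,CVE-2009-1696,CVE-2009-1695,CVE-2009-1694,CVE-2009-1693,CVE-2009-1691,CVE-2009-1690,CVE-2009-1689,CVE-2009-1688,CVE-2009-1687,CVE-2009-1686,CVE-2009-1685,CVE-2009-1684,CVE-2009-1681,CVE-2009-1708,CVE-2009-1707,CVE-2009-1706,CVE-2009-1682,CVE-2009-1705,CVE-2009-1716,CVE-2009-1704 Safari is the web browser bundled by default with the operating systems of Apple's family of machines. Remote attackers can exploit multiple memory corruption and design errors in the Safari browser to cause a denial of service, execute arbitrary code, or carry out phishing attacks. CVE-2009-1704 Files of a "safe" type are displayed by Safari after download without warning the user. A flaw in Safari may prevent the file type of certain local image files from being determined. In that case Safari examines the contents of these files and may process them as HTML. If a file contains JavaScript, it is executed in the local security context. Downloaded files should not be executed without prompting the user. CVE-2009-1716 CFNetwork creates temporary files insecurely during downloads; a local user can access other users' files during a download, leading to disclosure of sensitive information. CVE-2009-1705 A memory corruption vulnerability exists in the handling of TrueType fonts; an arithmetic error in automatic font hinting may trigger memory corruption. CVE-2009-1682 An error in Safari's handling of EV certificates may allow revocation checks to be bypassed, which may allow pages to be loaded without a warning being issued about a revoked EV certificate. CVE-2009-1706 Safari's Private Browsing feature lets users browse without leaving evidence of the browser session on disk. An implementation flaw in this feature may leave cookies on disk after private browsing ends, unexpectedly disclosing sensitive information. CVE-2009-1707 After the "Reset" button is clicked for "Reset saved names and passwords" in the "Reset Safari..." menu option, Safari may take 30 seconds to clear the passwords. A user who accesses the system during this time window can access the stored credentials. CVE-2009-1708 Safari's open-help-anchor URL handler may allow a malicious website to open local help files, leading to disclosure of sensitive information or execution of arbitrary code. CVE-2009-1681 A design issue exists in the same-origin policy mechanism used to limit interaction between websites; the policy allows a website to load pages from third-party websites into a subframe, and this frame may lead to clickjacking attacks. CVE-2009-1684 A cross-site scripting vulnerability exists in the isolation of JavaScript contexts; a malicious web page may use an event handler to execute script in the security context of the next web page loaded in its window or frame. CVE-2009-1685 A cross-site scripting vulnerability exists in the isolation of JavaScript contexts; a user who is tricked into visiting a malicious site causes the document.implementation of an embedded or parent document served from a different security zone to be overwritten. CVE-2009-1686 A type conversion issue exists in WebKit's JavaScript exception handling. When an attempt is made to assign an exception to a variable declared as a constant, the object is cast to an invalid type, causing memory corruption. CVE-2009-1687 Memory corruption exists in WebKit's JavaScript garbage collector. If an allocation fails, a write to an offset of a NULL pointer may occur, leading to unexpected application termination or arbitrary code execution. CVE-2009-1688 WebKit does not use the HTML 5 standard method to determine the security context associated with a given script; an implementation issue in WebKit's method may lead to cross-site scripting attacks under certain conditions. CVE-2009-1689 A cross-site scripting vulnerability exists in WebKit; a malicious website containing a form submitted to about:blank can synchronously replace the document's security context, causing the currently executing script to run in the new security context. CVE-2009-1690 Memory corruption exists in WebKit's handling of recursion in certain DOM event handlers; visiting a malicious website may lead to unexpected application termination or arbitrary code execution. CVE-2009-1691 A cross-site scripting vulnerability in Safari allows a malicious website to alter the standard JavaScript prototypes of websites served from a different domain. If a user is tricked into visiting a malicious web page, the attacker can alter the execution of JavaScript served from other websites. CVE-2009-1693 A cross-site image capture vulnerability exists in WebKit; a malicious website can use a canvas with an SVG image to load and capture images from other websites. CVE-2009-1694 A cross-site image capture vulnerability exists in WebKit; a malicious website can use a canvas and a redirect to load and capture images from other websites. CVE-2009-1695 WebKit allows an HTML document to access the contents of a frame after a page transition, which may allow a malicious website to perform cross-site scripting attacks. CVE-2009-1696 Safari uses a predictable algorithm to generate random numbers for JavaScript applications, which may allow a website to track a particular Safari session without using cookies, hidden form elements, IP addresses, or similar techniques. CVE-2009-1697 A CRLF injection vulnerability exists in the handling of XMLHttpRequest headers in WebKit, which may allow a malicious website to bypass the same-origin policy by issuing an XMLHttpRequest that lacks a Host header. An XMLHttpRequest lacking a Host header may reach other websites on the same server, allowing attacker-supplied JavaScript to interact with those websites. CVE-2009-1698 An uninitialized pointer vulnerability exists in the handling of the CSS attr function; viewing a malicious web page may lead to unexpected application termination or arbitrary code execution. CVE-2009-1699 An XML external entity vulnerability exists in WebKit's handling of XML; a malicious website can read files from the user's system. CVE-2009-1700 WebKit does not correctly handle redirects when processing XSLT, which may allow a malicious website to retrieve XML content from pages on other websites, leading to disclosure of sensitive information. CVE-2009-1701 A use-after-free vulnerability exists in WebKit's handling of the JavaScript DOM; visiting a malicious website may lead to unexpected application termination or arbitrary code execution. CVE-2009-1702 A vulnerability exists in WebKit's handling of location and history objects; visiting a malicious website may lead to cross-site scripting attacks. CVE-2009-1703 WebKit's handling of audio and video HTML elements may allow a remote website to reference local file: URLs; a malicious website can check whether a file exists. CVE-2009-1709 A use-after-free vulnerability exists in WebKit's handling of SVG animation elements; visiting a malicious site may lead to unexpected application termination or arbitrary code execution. CVE-2009-1710 A malicious website can spoof browser UI elements, such as the host name and security indicators, by specifying a very large, almost transparent custom cursor and adjusting the CSS3 hotspot property. CVE-2009-1711 An uninitialized memory access vulnerability exists in WebKit's handling of Attr DOM objects; visiting a malicious site may lead to unexpected application termination or arbitrary code execution. CVE-2009-1712 WebKit allows remote websites to load Java applets from the local system. Local applets should not be loaded remotely; this may allow a remote site to execute arbitrary code or grant unintended privileges. CVE-2009-1713 An information disclosure vulnerability exists in WebKit's implementation of the document() function used in XSLT documents; a malicious site can read files from other security zones. CVE-2009-1714 A vulnerability in Web Inspector allows the page being inspected to run injected script with elevated privileges, including reading the user's file system. CVE-2009-1715 A vulnerability in Web Inspector allows the page being inspected to run injected script with elevated privileges, including reading the user's file system. CVE-2009-1718 A vulnerability in WebKit's handling of drag-and-drop events may lead to disclosure of sensitive information when content is dragged from a malicious web page. Apple Safari < 4.0 Vendor patch: Apple ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.apple.com/safari/download/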
idSSV:11574
last seen2017-11-19
modified2009-06-11
published2009-06-11
reporterRoot
titleApple Safari 4.0 Multiple Security Vulnerabilities