Vulnerabilities > CVE-2009-1709 - Resource Management Errors vulnerability in Apple Safari
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1130.NASL description Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 43764 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43764 title CentOS 5 : kdegraphics (CESA-2009:1130) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1130 and # CentOS Errata and Security Advisory 2009:1130 respectively. # include("compat.inc"); if (description) { script_id(43764); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2009-0945", "CVE-2009-1709"); script_bugtraq_id(34924, 35334); script_xref(name:"RHSA", value:"2009:1130"); script_name(english:"CentOS 5 : kdegraphics (CESA-2009:1130)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2009-June/016009.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?bcf5d239" ); # https://lists.centos.org/pipermail/centos-announce/2009-June/016010.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f9fd7ed0" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"kdegraphics-3.5.4-13.el5_3")) flag++; if (rpm_check(release:"CentOS-5", reference:"kdegraphics-devel-3.5.4-13.el5_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); }NASL family Windows NASL id SAFARI_4.0.NASL description The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39339 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39339 title Safari < 4.0 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(39339); script_version("1.30"); script_cvs_date("Date: 2018/07/27 18:38:15"); script_cve_id("CVE-2006-2783", "CVE-2008-1588", "CVE-2008-2320", "CVE-2008-2321", "CVE-2008-3281", "CVE-2008-3529", "CVE-2008-3632", "CVE-2008-4225", "CVE-2008-4226", "CVE-2008-4231", "CVE-2008-4409", "CVE-2009-0040", "CVE-2009-0145", "CVE-2009-0153", "CVE-2009-0946", "CVE-2009-1179", "CVE-2009-1681", "CVE-2009-1682", "CVE-2009-1684", "CVE-2009-1685", "CVE-2009-1686", "CVE-2009-1687", "CVE-2009-1688", "CVE-2009-1689", "CVE-2009-1690", "CVE-2009-1691", "CVE-2009-1693", "CVE-2009-1694", "CVE-2009-1695", "CVE-2009-1696", "CVE-2009-1697", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1700", "CVE-2009-1701", "CVE-2009-1702", "CVE-2009-1703", "CVE-2009-1704", "CVE-2009-1705", "CVE-2009-1706", "CVE-2009-1707", "CVE-2009-1708", "CVE-2009-1709", "CVE-2009-1710", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1714", "CVE-2009-1715", "CVE-2009-1716", "CVE-2009-1718", "CVE-2009-2027", "CVE-2009-2420", "CVE-2009-2421"); script_bugtraq_id(30487, 31092, 32326, 33276, 35260, 35270, 35271, 35272, 35283, 35284, 35308, 35309, 35310, 35311, 35315, 35317, 35318, 35319, 35320, 35321, 35322, 35325, 35327, 35328, 35330, 35331, 35332, 35333, 35334, 35339, 35340, 35344, 35346, 35347, 35348, 35349, 35350, 35351, 35352, 35353, 35481, 35482); script_name(english:"Safari < 4.0 Multiple Vulnerabilities"); script_summary(english:"Checks Safari's version number"); script_set_attribute(attribute:"synopsis", value: "The remote host contains a web browser that is affected by several vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit"); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT3613"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Jun/msg00002.html"); script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/advisories/17079"); script_set_attribute(attribute:"solution", value:"Upgrade to Safari 4.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 79, 94, 119, 189, 200, 255, 264, 310, 362, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:safari"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("safari_installed.nasl"); script_require_keys("SMB/Safari/FileVersion"); exit(0); } include("global_settings.inc"); path = get_kb_item("SMB/Safari/Path"); version = get_kb_item("SMB/Safari/FileVersion"); if (isnull(version)) exit(0); ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( ver[0] < 4 || ( ver[0] == 4 && ( ver[1] < 530 || (ver[1] == 530 && ver[2] < 17) ) ) ) { if (report_verbosity > 0) { if (isnull(path)) path = "n/a"; prod_version = get_kb_item("SMB/Safari/ProductVersion"); if (!isnull(prod_version)) version = prod_version; report = string( "\n", "Nessus collected the following information about the current install\n", "of Safari on the remote host :\n", "\n", " Version : ", version, "\n", " Path : ", path, "\n" ); security_hole(port:get_kb_item("SMB/transport"), extra:report); } else security_hole(get_kb_item("SMB/transport")); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1130.NASL description Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 39531 published 2009-06-26 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39531 title RHEL 5 : kdegraphics (RHSA-2009:1130) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1130. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(39531); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2009-0945", "CVE-2009-1709"); script_bugtraq_id(34924, 35334); script_xref(name:"RHSA", value:"2009:1130"); script_name(english:"RHEL 5 : kdegraphics (RHSA-2009:1130)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0945" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1709" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:1130" ); script_set_attribute( attribute:"solution", value:"Update the affected kdegraphics and / or kdegraphics-devel packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_cwe_id(94, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kdegraphics-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5.3"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/26"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:1130"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kdegraphics-3.5.4-13.el5_3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kdegraphics-3.5.4-13.el5_3")) flag++; if (rpm_check(release:"RHEL5", cpu:"i386", reference:"kdegraphics-devel-3.5.4-13.el5_3")) flag++; if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"kdegraphics-devel-3.5.4-13.el5_3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kdegraphics / kdegraphics-devel"); } }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-182.NASL description A vulnerability has been found and corrected in kdegraphics (ksvg) : Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709) Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 49254 published 2010-09-16 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/49254 title Mandriva Linux Security Advisory : kdegraphics (MDVSA-2010:182) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:182. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(49254); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2009-1709"); script_bugtraq_id(35334); script_xref(name:"MDVSA", value:"2010:182"); script_name(english:"Mandriva Linux Security Advisory : kdegraphics (MDVSA-2010:182)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in kdegraphics (ksvg) : Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709) Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kcolorchooser"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kcoloredit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kdvi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kfax"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kiconedit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kolourpaint"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpdf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kruler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksnapshot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kuickshow"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kdegraphics-mrmlsearch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64kdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-common-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kghostview-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kooka-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kpovmodeler-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-ksvg-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkdegraphics0-kview-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/16"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-common-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kcolorchooser-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kcoloredit-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kdvi-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kfax-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kghostview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kiconedit-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kolourpaint-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kooka-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kpdf-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kpovmodeler-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kruler-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-ksnapshot-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-ksvg-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kuickshow-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-kview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", reference:"kdegraphics-mrmlsearch-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-common-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-common-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64kdegraphics0-kview-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-common-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-common-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kghostview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kooka-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-ksvg-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kview-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libkdegraphics0-kview-devel-3.5.10-0.3mdv2008.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id SUSE_KDEGRAPHICS3-7235.NASL description Various pointer dereferencing vulnerabilities in kdegraphics3 last seen 2020-06-01 modified 2020-06-02 plugin id 51113 published 2010-12-10 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/51113 title SuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(51113); script_version ("1.8"); script_cvs_date("Date: 2019/10/25 13:36:40"); script_cve_id("CVE-2009-0945", "CVE-2009-1709", "CVE-2010-3702", "CVE-2010-3703", "CVE-2010-3704"); script_name(english:"SuSE 10 Security Update : kdegraphics (ZYPP Patch Number 7235)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Various pointer dereferencing vulnerabilities in kdegraphics3's KSVG have been fixed. CVE-2009-1709 / CVE-2009-0945 have been assigned to this issue. Also specially crafted PDF files could crash kpdf or potentially even cause execution of arbitrary code. (CVE-2010-3702 / CVE-2010-3703 / CVE-2010-3704)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0945.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-1709.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-3702.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-3703.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2010-3704.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 7235."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_cwe_id(94, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/11/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/12/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-devel-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-fax-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-kamera-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-pdf-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-postscript-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLED10", sp:3, reference:"kdegraphics3-scan-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-devel-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-extra-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-fax-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-pdf-3.5.1-23.30.4")) flag++; if (rpm_check(release:"SLES10", sp:3, reference:"kdegraphics3-postscript-3.5.1-23.30.4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1866.NASL description Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 It was discovered that the KSVG animation element implementation suffers from a NULL pointer dereference flaw, which could lead to the execution of arbitrary code. - CVE-2009-1709 It was discovered that the KSVG animation element implementation is prone to a use-after-free flaw, which could lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 44731 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44731 title Debian DSA-1866-1 : kdegraphics - several vulnerabilities NASL family Scientific Linux Local Security Checks NASL id SL_20090625_KDEGRAPHICS_ON_SL5_X.NASL description A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) The desktop must be restarted (log out, then log back in) for this update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 60604 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60604 title Scientific Linux Security Update : kdegraphics on SL5.x i386/x86_64 NASL family SuSE Local Security Checks NASL id SUSE_11_1_KDEGRAPHICS3-101104.NASL description Various pointer dereferencing vulnerabilities in kdegraphics3 last seen 2020-06-01 modified 2020-06-02 plugin id 53665 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53665 title openSUSE Security Update : kdegraphics3 (openSUSE-SU-2010:1035-1) NASL family SuSE Local Security Checks NASL id SUSE_11_2_LIBWEBKIT-110111.NASL description Various bugs in webkit have been fixed. The CVE id last seen 2020-06-01 modified 2020-06-02 plugin id 53764 published 2011-05-05 reporter This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/53764 title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-823-1.NASL description It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65118 published 2013-03-09 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65118 title Ubuntu 8.04 LTS : kdegraphics vulnerabilities (USN-823-1) NASL family MacOS X Local Security Checks NASL id MACOSX_SAFARI4_0.NASL description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit last seen 2020-06-01 modified 2020-06-02 plugin id 39338 published 2009-06-09 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39338 title Mac OS X : Apple Safari < 4.0 NASL family SuSE Local Security Checks NASL id SUSE_11_3_LIBWEBKIT-110104.NASL description Various bugs in webkit have been fixed. The CVE id last seen 2020-06-01 modified 2020-06-02 plugin id 75629 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75629 title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
Oval
| accepted | 2013-04-29T04:02:28.569-04:00 | ||||||||||||
| class | vulnerability | ||||||||||||
| contributors |
| ||||||||||||
| definition_extensions |
| ||||||||||||
| description | Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | ||||||||||||
| family | unix | ||||||||||||
| id | oval:org.mitre.oval:def:10162 | ||||||||||||
| status | accepted | ||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||
| title | Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches." | ||||||||||||
| version | 18 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 35260 CVE(CAN) ID: CVE-2009-1718,CVE-2009-1715,CVE-2009-1714,CVE-2009-1713,CVE-2009-1712,CVE-2009-1711,CVE-2009-1710,CVE-2009-1709,CVE-2009-1703,CVE-2009-1702,CVE-2009-1701,CVE-2009-1700,CVE-2009-1699,CVE-2009-1698,CVE-2009-1697,CVE-2009-1696,CVE-2009-1695,CVE-2009-1694,CVE-2009-1693,CVE-2009-1691,CVE-2009-1690,CVE-2009-1689,CVE-2009-1688,CVE-2009-1687,CVE-2009-1686,CVE-2009-1685,CVE-2009-1684,CVE-2009-1681,CVE-2009-1708,CVE-2009-1707,CVE-2009-1706,CVE-2009-1682,CVE-2009-1705,CVE-2009-1716,CVE-2009-1704 Safari是苹果家族机器操作系统中默认捆绑的WEB浏览器。 远程攻击者可以利用Safari浏览器中的多个内存破坏和设计错误导致拒绝服务、执行任意代码或执行网络钓鱼攻击。 CVE-2009-1704 safe类型的文件在下载后未经警告用户便会由Safari显示。Safari中的漏洞可能导致无法确认某些本地图形文件的文件类型。在这种情况下,Safari会检查这些文件的内容并可能将其处理为HTML。如果文件包含有JavaScript,就会在本地安全环境中执行。对于下载的文件,不应未经提示用户便执行。 CVE-2009-1716 CFNetwork在下载时以不安全方式创建临时文件,本地用户可以在下载时访问其他用户的文件,导致泄漏敏感信息。 CVE-2009-1705 处理TrueType字体时存在内存破坏漏洞,自动提示字体时的算术错误可能触发内存破坏。 CVE-2009-1682 Safari处理EV证书时的错误可能导致绕过撤销检查,这可能允许未经发布已撤销EV证书警告便加载页面。 CVE-2009-1706 Safari的Private Browsing功能允许用户在进行浏览时不在磁盘上留下浏览器会话的证据。该功能中的实现漏洞可能导致在保密浏览结束后在磁盘上留下Cookie,意外泄漏敏感信息。 CVE-2009-1707 在“重置Safari...”菜单选项中点击了“重置保存的名称和口令”的“重置”键后,Safari可能需要30秒钟才能清除口令。在这个时间窗口访问了系统的用户可以访问储存的凭据。 CVE-2009-1708 Safari的open-help-anchor URL处理器可能允许恶意网站打开本地帮助文件,导致泄漏敏感信息或执行任意代码。 CVE-2009-1681 用于限制网站间交互的同源策略机制中存在设计问题,该策略允许网站将第三方网站的网页加载到子帧,这个帧可能导致点击劫持攻击。 CVE-2009-1684 JavaScript环境隔离中存在跨站脚本漏洞,恶意网页可能使用事件处理器在其窗口或帧所加载的下一个网页的安全环境中执行脚本。 CVE-2009-1685 JavaScript环境隔离中存在跨站脚本漏洞,用户受骗访问了恶意站点就会导致覆盖不同安全区所提供的嵌入式或父文档的document.implementation。 CVE-2009-1686 WebKit的JavaScript异常处理中存在类型转换问题。在尝试对声明为常量的变量分配异常时,对象会被赋值为无效类型,导致内存破坏。 CVE-2009-1687 WebKit的JavaScript垃圾收集器中存在内存破坏。如果分配失败,可能出现对空指针偏移的写操作,导致应用程序意外终止或执行任意代码。 CVE-2009-1688 WebKit没有使用HTML 5标准方法确定指定脚本相关的安全环境,WebKit方法中的实现问题在某些条件下可能导致跨站脚本攻击。 CVE-2009-1689 WebKit中存在跨站脚本漏洞,包含有提交给about:blank表单的恶意网站可以同步替换文档的安全环境,导致在新的安全环境中运行正在执行的脚本。 CVE-2009-1690 WebKit处理某些DOM事件处理器中的递归时存在内存破坏,访问恶意网站可能导致应用程序意外终止或执行任意代码。 CVE-2009-1691 Safari中的跨站脚本漏洞允许恶意网站更改不同域所提供网站的标准JavaScript原型。如果用户受骗访问了恶意网页,攻击者就可以更改其他网站所提供的 JavaScript的执行。 CVE-2009-1693 WebKit中存在跨站图形抓取漏洞,恶意网站可以使用带有SVG图形的画布加载并抓取其他网站的图形。 CVE-2009-1694 WebKit中存在跨站图形抓取漏洞,恶意网站可以使用画布和重新定向加载并抓取其他网站的图形。 CVE-2009-1695 WebKit允许HTML文档在页面过渡之后访问帧的内容,这可能允许恶意网站执行跨站脚本攻击。 CVE-2009-1696 Safari使用可预测的算法为JavaScript应用生成随机数,这可能允许网站无需使用cookie、隐藏表单元素、IP地址等技术便可追踪特定的Safari会话。 CVE-2009-1697 在处理WebKit的XMLHttpRequest头时存在CRLF注入漏洞,可能允许恶意网站通过发布缺少Host头的XMLHttpRequest绕过同源策略。缺少Host头的XMLHttpRequest可能到达同一服务 器上的其他网站,允许攻击者所提供的JavaScript与这些网站交互。 CVE-2009-1698 处理CSS attr函数时存在未初始化的指针漏洞,查看恶意网页可能导致应用程序意外终止或执行任意代码。 CVE-2009-1699 WebKit处理XML时存在XML外部实体漏洞,恶意汪涵可以从用户系统读取文件。 CVE-2009-1700 WebKit在处理XSLT时没有正确的处理重新定向,这可能允许恶意网站从其他网站的页面检索XML内容,导致泄漏敏感信息。 CVE-2009-1701 WebKit处理JavaScript DOM时存在释放后使用漏洞,访问恶意网站可能导致应用程序意外终止或执行任意代码。 CVE-2009-1702 WebKit处理位置和历史对象时存在漏洞,访问恶意网站可能导致跨站脚本攻击。 CVE-2009-1703 WebKit处理音频和视频HTML元素可能允许远程网站引用本地file: URL,恶意网站可以检查文件是否存在。 CVE-2009-1709 WebKit处理SVG动画元素时存在释放后使用漏洞,访问恶意站点可能导致应用程序意外终止或执行任意代码。 CVE-2009-1710 恶意网站可以通过指定很大的几乎透明的自定义光标并调整CSS3热点属性来伪造浏览器UI元素,如主机名和安全指示符。 CVE-2009-1711 WebKit处理Attr DOM对象时存在未初始化内存访问漏洞,访问恶意站点可能导致应用程序意外终止或执行任意代码。 CVE-2009-1712 WebKit允许远程网站加载本地系统的Java applet。本地applet不应远程加载,可能允许远程站点执行任意代码或许可非预期的权限。 CVE-2009-1713 WebKit在实现XSLT文档中所使用的document()函数时存在信息泄露漏洞,恶意站点可以读取其他安全区中的文件。 CVE-2009-1714 Web Inspector中的漏洞允许正在检查的页面以提升的权限运行注入的脚本,包括读取用户的文件系统。 CVE-2009-1715 Web Inspector中的漏洞允许正在检查的页面以提升的权限运行注入的脚本,包括读取用户的文件系统。 CVE-2009-1718 WebKit处理拖放事件中的漏洞可能导致在从恶意网页拖放内容时泄露敏感信息。 Apple Safari < 4.0 厂商补丁: Apple ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.apple.com/safari/download/" target="_blank" rel=external nofollow>http://www.apple.com/safari/download/</a> |
| id | SSV:11574 |
| last seen | 2017-11-19 |
| modified | 2009-06-11 |
| published | 2009-06-11 |
| reporter | Root |
| title | Apple Safari 4.0多个安全漏洞 |
References
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
- http://osvdb.org/55013
- http://secunia.com/advisories/35379
- http://secunia.com/advisories/35576
- http://secunia.com/advisories/36461
- http://secunia.com/advisories/43068
- http://securitytracker.com/id?1022345
- http://support.apple.com/kb/HT3613
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:182
- http://www.redhat.com/support/errata/RHSA-2009-1130.html
- http://www.securityfocus.com/bid/35260
- http://www.securityfocus.com/bid/35334
- http://www.vupen.com/english/advisories/2009/1522
- http://www.vupen.com/english/advisories/2011/0212
- http://www.zerodayinitiative.com/advisories/ZDI-09-034/
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162
- https://usn.ubuntu.com/823-1/