CVE-2009-1725 - Numeric Errors vulnerability in Apple Safari

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, apple, CWE-189, critical, nessus

Summary

WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

Vulnerable Configurations

Part | Description | Count
Application | Apple | 83
OS | Apple | 55
Hardware | Apple | 1

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-857-1.NASL
    description: It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42467
    published: 2009-11-11
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42467
    title: Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-857-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42467);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725");
      script_bugtraq_id(34924, 35271, 35309, 35318);
      script_xref(name:"USN", value:"857-1");
    
      script_name(english:"Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that QtWebKit did not properly handle certain
    SVGPathList data structures. If a user were tricked into viewing a
    malicious website, an attacker could exploit this to execute arbitrary
    code with the privileges of the user invoking the program.
    (CVE-2009-0945)
    
    Several flaws were discovered in the QtWebKit browser and JavaScript
    engines. If a user were tricked into viewing a malicious website, a
    remote attacker could cause a denial of service or possibly execute
    arbitrary code with the privileges of the user invoking the program.
    (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711,
    CVE-2009-1725)
    
    It was discovered that QtWebKit did not properly handle certain XSL
    stylesheets. If a user were tricked into viewing a malicious website,
    an attacker could exploit this to read arbitrary local files, and
    possibly files from different security zones. (CVE-2009-1699,
    CVE-2009-1713)
    
    It was discovered that QtWebKit did not prevent the loading of local
    Java applets. If a user were tricked into viewing a malicious website,
    an attacker could exploit this to execute arbitrary code with the
    privileges of the user invoking the program. (CVE-2009-1712).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/857-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 189, 200, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-assistant");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dbus");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-dev-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-gui");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-help");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-network");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-opengl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-qt3support");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-script");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-scripttools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-odbc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-psql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-sql-sqlite2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-svg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-test");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-webkit-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqt4-xmlpatterns-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtcore4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libqtgui4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-demos-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-designer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-dev-tools-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-doc-html");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qmake");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-qtconfig");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.10 / 9.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-assistant", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-core", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dbus", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-gui", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-help", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-network", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-opengl-dev", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-qt3support", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-script", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-mysql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-odbc", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-psql", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-sql-sqlite2", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-svg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-test", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-webkit-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xml", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqtcore4", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"libqtgui4", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-demos", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-designer", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-dev-tools", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-doc-html", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"8.10", pkgname:"qt4-qtconfig", pkgver:"4.4.3-0ubuntu1.4")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-assistant", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-core", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dbus", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-dev-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-gui", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-help", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-network", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-opengl-dev", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-qt3support", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-script", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-scripttools", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-mysql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-odbc", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-psql", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-sql-sqlite2", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-svg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-test", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-webkit-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xml", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqt4-xmlpatterns-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqtcore4", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"libqtgui4", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-demos-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-designer", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-dev-tools-dbg", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-doc-html", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-qmake", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    if (ubuntu_check(osver:"9.04", pkgname:"qt4-qtconfig", pkgver:"4.5.0-0ubuntu4.3")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libqt4-assistant / libqt4-core / libqt4-dbg / libqt4-dbus / etc");
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1988.NASL
    description: Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44852
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44852
    title: Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1988. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(44852);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:22");
    
      script_cve_id("CVE-2009-0945", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1698", "CVE-2009-1699", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1713", "CVE-2009-1725", "CVE-2009-2700");
      script_bugtraq_id(34924, 35271, 35309, 35318);
      script_xref(name:"DSA", value:"1988");
    
      script_name(english:"Debian DSA-1988-1 : qt4-x11 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in qt4-x11, a
    cross-platform C++ application framework. The Common Vulnerabilities
    and Exposures project identifies the following problems :
    
      - CVE-2009-0945
        Array index error in the insertItemBefore method in
        WebKit, as used in qt4-x11, allows remote attackers to
        execute arbitrary code.
    
      - CVE-2009-1687
        The JavaScript garbage collector in WebKit, as used in
        qt4-x11 does not properly handle allocation failures,
        which allows remote attackers to execute arbitrary code
        or cause a denial of service (memory corruption and
        application crash) via a crafted HTML document that
        triggers write access to an 'offset of a NULL pointer.
    
      - CVE-2009-1690
        Use-after-free vulnerability in WebKit, as used in
        qt4-x11, allows remote attackers to execute arbitrary
        code or cause a denial of service (memory corruption and
        application crash) by setting an unspecified property of
        an HTML tag that causes child elements to be freed and
        later accessed when an HTML error occurs.
    
      - CVE-2009-1698
        WebKit in qt4-x11 does not initialize a pointer during
        handling of a Cascading Style Sheets (CSS) attr function
        call with a large numerical argument, which allows
        remote attackers to execute arbitrary code or cause a
        denial of service (memory corruption and application
        crash) via a crafted HTML document.
    
      - CVE-2009-1699
        The XSL stylesheet implementation in WebKit, as used in
        qt4-x11 does not properly handle XML external entities,
        which allows remote attackers to read arbitrary files
        via a crafted DTD.
    
      - CVE-2009-1711
        WebKit in qt4-x11 does not properly initialize memory
        for Attr DOM objects, which allows remote attackers to
        execute arbitrary code or cause a denial of service
        (application crash) via a crafted HTML document.
    
      - CVE-2009-1712
        WebKit in qt4-x11 does not prevent remote loading of
        local Java applets, which allows remote attackers to
        execute arbitrary code, gain privileges, or obtain
        sensitive information via an APPLET or OBJECT element.
    
      - CVE-2009-1713
        The XSLT functionality in WebKit, as used in qt4-x11
        does not properly implement the document function, which
        allows remote attackers to read arbitrary local files
        and files from different security zones.
    
      - CVE-2009-1725
        WebKit in qt4-x11 does not properly handle numeric
        character references, which allows remote attackers to
        execute arbitrary code or cause a denial of service
        (memory corruption and application crash) via a crafted
        HTML document.
    
      - CVE-2009-2700
        qt4-x11 does not properly handle a '\0' character in a
        domain name in the Subject Alternative Name field of an
        X.509 certificate, which allows man-in-the-middle
        attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification
        Authority.
    
    The oldstable distribution (etch) is not affected by these problems."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538347"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545793"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-0945"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1687"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1690"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1698"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1699"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1711"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1712"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1713"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-1725"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2009-2700"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2010/dsa-1988"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the qt4-x11 packages.
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4.4.3-1+lenny1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
      script_cwe_id(94, 189, 200, 264, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:qt4-x11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"5.0", prefix:"libqt4-assistant", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-core", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dbus", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-designer", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-dev", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-gui", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-help", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-network", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-opengl", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-opengl-dev", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-qt3support", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-script", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-ibase", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-mysql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-odbc", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-psql", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-sql-sqlite2", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-svg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-test", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-webkit", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-webkit-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xml", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqt4-xmlpatterns-dbg", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqtcore4", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"libqtgui4", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-demos", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-designer", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-dev-tools", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-doc", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-doc-html", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-qmake", reference:"4.4.3-1+lenny1")) flag++;
    if (deb_check(release:"5.0", prefix:"qt4-qtconfig", reference:"4.4.3-1+lenny1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-1950.NASL
    description: Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 44815
    published: 2010-02-24
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/44815
    title: Debian DSA-1950-1 : webkit - several vulnerabilities
  • NASL family: Windows
    NASL id: SAFARI_4_0_2.NASL
    description: The version of Safari installed on the remote Windows host is earlier than 4.0.2. Such versions are potentially affected by two issues : - A vulnerability in WebKit
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39767
    published: 2009-07-09
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39767
    title: Safari < 4.0.2 Multiple Vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8039.NASL
    description: This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40412
    published: 2009-07-29
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40412
    title: Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8020.NASL
    description: This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40411
    published: 2009-07-29
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40411
    title: Fedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_KDELIBS4-101103.NASL
    description: An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53667
    published: 2011-05-05
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53667
    title: openSUSE Security Update : kdelibs4 (openSUSE-SU-2010:1036-1)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8800.NASL
    description: Qt
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40680
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40680
    title: Fedora 11 : qt-4.5.2-2.fc11 (2009-8800)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2009-346.NASL
    description: Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 43613
    published: 2009-12-30
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/43613
    title: Mandriva Linux Security Advisory : kde (MDVSA-2009:346)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8049.NASL
    description: This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40414
    published: 2009-07-29
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40414
    title: Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2010-027.NASL
    description: Multiple vulnerabilities were discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 48170
    published: 2010-07-30
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/48170
    title: Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8046.NASL
    description: This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40413
    published: 2009-07-29
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40413
    title: Fedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-8802.NASL
    description: Qt
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40681
    published: 2009-08-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40681
    title: Fedora 10 : qt-4.5.2-2.fc10 (2009-8802)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_KDELIBS3-101103.NASL
    description: An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51088
    published: 2010-12-09
    reporter: This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51088
    title: SuSE 11 Security Update : kdelibs (SAT Patch Number 3450)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-836-1.NASL
    description: It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41606
    published: 2009-09-24
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/41606
    title: Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_2_LIBWEBKIT-110111.NASL
    description: Various bugs in webkit have been fixed. The CVE id
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 53764
    published: 2011-05-05
    reporter: This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/53764
    title: openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_SAFARI4_0_2.NASL
    description: The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0.2. As such, it is potentially affected by two issues : - A vulnerability in WebKit
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39768
    published: 2009-07-09
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/39768
    title: Mac OS X : Apple Safari < 4.0.2
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_KDELIBS3-7217.NASL
    description: An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51089
    published: 2010-12-09
    reporter: This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/51089
    title: SuSE 10 Security Update : kdelibs (ZYPP Patch Number 7217)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_3_LIBWEBKIT-110104.NASL
    description: Various bugs in webkit have been fixed. The CVE id
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 75629
    published: 2014-06-13
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/75629
    title: openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)

Oval

accepted: 2014-02-03T04:04:45.713-05:00
class: vulnerability
contributors
  • name: Prabhu.S.A
    organization: SecPod Technologies
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
definition_extensions
comment: Apple Safari is installed
oval: oval:org.mitre.oval:def:6325
description: WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
family: windows
id: oval:org.mitre.oval:def:5777
status: accepted
submitted: 2009-09-24T09:00:11
title: Apple Safari WebKit Numeric Character References Remote Memory Corruption Vulnerability.
version: 12

Statements

contributor: Tomas Hoger
lastmodified: 2009-08-07
organization: Red Hat
statement: Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.

References