Vulnerabilities > CVE-2012-6093 - Cryptographic Issues vulnerability in multiple products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 19 | |
| OS | 4 | |
| OS | 2 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-0270.NASL description This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html This build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-25 plugin id 64084 published 2013-01-25 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64084 title Fedora 16 : qt-4.8.4-6.fc16 (2013-0270) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-0270. # include("compat.inc"); if (description) { script_id(64084); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6093"); script_bugtraq_id(57162); script_xref(name:"FEDORA", value:"2013-0270"); script_name(english:"Fedora 16 : qt-4.8.4-6.fc16 (2013-0270)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html This build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://lists.qt-project.org/pipermail/announce/2013-January/000020.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?64b80cb2" ); # http://lists.qt-project.org/pipermail/announce/2013-January/000021.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?60074156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=891955" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/097445.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?da8c2281" ); script_set_attribute(attribute:"solution", value:"Update the affected qt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/25"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"qt-4.8.4-6.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt"); }NASL family Fedora Local Security Checks NASL id FEDORA_2013-0277.NASL description This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html This build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-14 plugin id 63509 published 2013-01-14 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63509 title Fedora 17 : qt-4.8.4-6.fc17 (2013-0277) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-0277. # include("compat.inc"); if (description) { script_id(63509); script_version("1.10"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2012-6093"); script_bugtraq_id(57162); script_xref(name:"FEDORA", value:"2013-0277"); script_name(english:"Fedora 17 : qt-4.8.4-6.fc17 (2013-0277)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html This build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # http://lists.qt-project.org/pipermail/announce/2013-January/000020.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?64b80cb2" ); # http://lists.qt-project.org/pipermail/announce/2013-January/000021.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?60074156" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=891955" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-January/096444.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?321247b7" ); script_set_attribute(attribute:"solution", value:"Update the affected qt package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/01/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/01/14"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"qt-4.8.4-6.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-89.NASL description libqt4 was updated to fix various issues regarding to SSL and certificates. - various more compromised SSL root and intermediate certificates were blacklisted - Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) Bugfixes done : - enable linked support for OpenSSL - Add fix for qdbusviewer not matching args (bnc#784197) last seen 2020-06-05 modified 2014-06-13 plugin id 75211 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75211 title openSUSE Security Update : libqt4 (openSUSE-SU-2013:0256-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-53.NASL description - Add cert-blacklist-more.diff, cert-blacklist-tuerktrust.diff : - blacklist more evil certificates - Add weak-ssl-certificates.diff : - blacklist weak certificates - enable linked support for OpenSSL - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL (bnc#797006, CVE-2012-6093) last seen 2020-06-05 modified 2014-06-13 plugin id 75062 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75062 title openSUSE Security Update : libqt4 (openSUSE-SU-2013:0204-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1723-1.NASL description Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624) Stephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093) Tim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 64638 published 2013-02-15 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/64638 title Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : qt4-x11 vulnerabilities (USN-1723-1) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBQTWEBKIT-DEVEL-130302.NASL description libqt4 has been updated to fix several security issues. - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user. (CVE-2013-0254) - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093) - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied : - Add fix for qdbusviewer not matching args (bnc#784197) last seen 2020-06-05 modified 2013-03-15 plugin id 65568 published 2013-03-15 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65568 title SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441) NASL family SuSE Local Security Checks NASL id SUSE_11_LIBQTWEBKIT-DEVEL-130301.NASL description libqt4 has been updated to fix several security issues. - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g. bitmap content) from the attacked user. (CVE-2013-0254) - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093) - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied : - Add fix for qdbusviewer not matching args (bnc#784197) last seen 2020-06-05 modified 2013-03-15 plugin id 65567 published 2013-03-15 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65567 title SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441) NASL family Fedora Local Security Checks NASL id FEDORA_2013-0199.NASL description This build fixes a security issues : - QSslSocket may report incorrect errors when certificate verification fails. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000020.html - blacklists unauthorized SSL certificates by Turktrust. For more information: http://lists.qt-project.org/pipermail/announce/2013-Janu ary/000021.html This build also produces a new qt-designer-plugin-webkit subpackage containing QtWebKit designer plugin. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-01-23 plugin id 63649 published 2013-01-23 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63649 title Fedora 18 : qt-4.8.4-6.fc18 (2013-0199)
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582
- http://lists.opensuse.org/opensuse-updates/2013-02/msg00014.html
- https://bugzilla.redhat.com/show_bug.cgi?id=891955
- http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098%20%284.8%29
- http://www.ubuntu.com/usn/USN-1723-1
- http://www.openwall.com/lists/oss-security/2013/01/04/6
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00089.html
- http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53%20%284.7%29
- http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
- http://secunia.com/advisories/52217
- http://lists.opensuse.org/opensuse-updates/2013-01/msg00086.html
- https://codereview.qt-project.org/#change%2C42461