Synopsis
The remote host is missing a vendor-supplied security patch
Description
The remote host is missing the patch for the advisory SUSE-SA:2004:027 (qt3/qt3-non-mt/qt3-32bit/qt3-static).
The QT-library is an environment for GUI-programming and is used in various well-known projects, like KDE.
There is a heap overflow in the BMP image format parser. An attacker, exploiting this flaw, would need to be able to coerce a local user or program to process a specially crafted image file. Upon successful exploitation, the attacker would be able to execute arbitrary code.
In addition, there are 2 distinct flaws within the XPM parser which, when exploited, lead to a Denial of Service (DoS).
Solution
http://www.suse.de/security/2004_27_qt3.html
Plugin Details
File Name: suse_SA_2004_027.nasl
Agent: unix
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: Host/SuSE/rpm-list
Exploit Ease: Exploits are available