Detections
Analytics
Mandrake Linux Security Advisory : qt3 (MDKSA-2007:074)
medium Nessus Plugin ID 37804
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
Andreas Nolden discover a bug in qt3, where the UTF8 decoder does not reject overlong sequences, which can cause '/../' injection or (in the case of konqueror) a '<script>' tag injection.Updated packages have been patched to address this issue.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 37804
File Name: mandrake_MDKSA-2007-074.nasl
Version: 1.14
Type: local
Family: Mandriva Local Security Checks
Published: 4/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:lib64designercore1, p-cpe:/a:mandriva:linux:lib64editor1, p-cpe:/a:mandriva:linux:lib64qassistantclient1, p-cpe:/a:mandriva:linux:lib64qt3, p-cpe:/a:mandriva:linux:lib64qt3-devel, p-cpe:/a:mandriva:linux:lib64qt3-mysql, p-cpe:/a:mandriva:linux:lib64qt3-odbc, p-cpe:/a:mandriva:linux:lib64qt3-psql, p-cpe:/a:mandriva:linux:lib64qt3-sqlite, p-cpe:/a:mandriva:linux:lib64qt3-static-devel, p-cpe:/a:mandriva:linux:libdesignercore1, p-cpe:/a:mandriva:linux:libeditor1, p-cpe:/a:mandriva:linux:libqassistantclient1, p-cpe:/a:mandriva:linux:libqt3, p-cpe:/a:mandriva:linux:libqt3-devel, p-cpe:/a:mandriva:linux:libqt3-mysql, p-cpe:/a:mandriva:linux:libqt3-odbc, p-cpe:/a:mandriva:linux:libqt3-psql, p-cpe:/a:mandriva:linux:libqt3-sqlite, p-cpe:/a:mandriva:linux:libqt3-static-devel, p-cpe:/a:mandriva:linux:qt3-common, p-cpe:/a:mandriva:linux:qt3-doc, p-cpe:/a:mandriva:linux:qt3-example, p-cpe:/a:mandriva:linux:qt3-tutorial, cpe:/o:mandriva:linux:2007
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 4/3/2007
Reference Information
CVE: CVE-2007-0242
MDKSA: 2007:074