Debian DSA-1988-1 : qt4-x11 - several vulnerabilities

High Nessus Plugin ID 44852

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code.

- CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer.

- CVE-2009-1690 Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs.

- CVE-2009-1698 WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

- CVE-2009-1699 The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD.

- CVE-2009-1711 WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

- CVE-2009-1712 WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

- CVE-2009-1713 The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones.

- CVE-2009-1725 WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

- CVE-2009-2700 qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.

The oldstable distribution (etch) is not affected by these problems.

Solution

Upgrade the qt4-x11 packages.

For the stable distribution (lenny), these problems have been fixed in version 4.4.3-1+lenny1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538347

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545793

https://security-tracker.debian.org/tracker/CVE-2009-0945

https://security-tracker.debian.org/tracker/CVE-2009-1687

https://security-tracker.debian.org/tracker/CVE-2009-1690

https://security-tracker.debian.org/tracker/CVE-2009-1698

https://security-tracker.debian.org/tracker/CVE-2009-1699

https://security-tracker.debian.org/tracker/CVE-2009-1711

https://security-tracker.debian.org/tracker/CVE-2009-1712

https://security-tracker.debian.org/tracker/CVE-2009-1713

https://security-tracker.debian.org/tracker/CVE-2009-1725

https://security-tracker.debian.org/tracker/CVE-2009-2700

https://www.debian.org/security/2010/dsa-1988

Plugin Details

Severity: High

ID: 44852

File Name: debian_DSA-1988.nasl

Version: 1.15

Type: local

Agent: unix

Published: 2010/02/24

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:qt4-x11, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/02/02

Vulnerability Publication Date: 2009/05/13

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2009-0945, CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1699, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1725, CVE-2009-2700

BID: 34924, 35271, 35309, 35318

DSA: 1988

CWE: 94, 189, 200, 264, 399