Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-1950.NASL
HistoryFeb 24, 2010 - 12:00 a.m.

Debian DSA-1950-1 : webkit - several vulnerabilities

2010-02-2400:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption.

  • CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an ‘offset of a NULL pointer.’

  • CVE-2009-1690 Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to ‘recursion in certain DOM event handlers.’

  • CVE-2009-1698 WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

  • CVE-2009-1711 WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.

  • CVE-2009-1712 WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.

  • CVE-2009-1725 WebKit do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

  • CVE-2009-1714 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

  • CVE-2009-1710 WebKit allows remote attackers to spoof the browser’s display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property.

  • CVE-2009-1697 CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary websites on the same server through use of XMLHttpRequest without a Host header.

  • CVE-2009-1695 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

  • CVE-2009-1693 WebKit allows remote attackers to read images from arbitrary websites via a CANVAS element with an SVG image, related to a ‘cross-site image capture issue.’

  • CVE-2009-1694 WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary websites via vectors involving a CANVAS element and redirection, related to a ‘cross-site image capture issue.’

  • CVE-2009-1681 WebKit does not prevent websites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct ‘clickjacking’ attacks via a crafted HTML document.

  • CVE-2009-1684 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

  • CVE-2009-1692 WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1950. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(44815);
  script_version("1.15");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2009-0945", "CVE-2009-1681", "CVE-2009-1684", "CVE-2009-1687", "CVE-2009-1690", "CVE-2009-1692", "CVE-2009-1693", "CVE-2009-1694", "CVE-2009-1695", "CVE-2009-1697", "CVE-2009-1698", "CVE-2009-1710", "CVE-2009-1711", "CVE-2009-1712", "CVE-2009-1714", "CVE-2009-1725");
  script_xref(name:"DSA", value:"1950");

  script_name(english:"Debian DSA-1950-1 : webkit - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in WebKit, a Web content
engine library for Gtk+. The Common Vulnerabilities and Exposures
project identifies the following problems :

  - CVE-2009-0945
    Array index error in the insertItemBefore method in
    WebKit, allows remote attackers to execute arbitrary
    code via a document with a SVGPathList data structure
    containing a negative index in the SVGTransformList,
    SVGStringList, SVGNumberList, SVGPathSegList,
    SVGPointList, or SVGLengthList SVGList object, which
    triggers memory corruption.

  - CVE-2009-1687
    The JavaScript garbage collector in WebKit does not
    properly handle allocation failures, which allows remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) via a
    crafted HTML document that triggers write access to an
    'offset of a NULL pointer.'

  - CVE-2009-1690
    Use-after-free vulnerability in WebKit, allows remote
    attackers to execute arbitrary code or cause a denial of
    service (memory corruption and application crash) by
    setting an unspecified property of an HTML tag that
    causes child elements to be freed and later accessed
    when an HTML error occurs, related to 'recursion in
    certain DOM event handlers.'

  - CVE-2009-1698
    WebKit does not initialize a pointer during handling of
    a Cascading Style Sheets (CSS) attr function call with a
    large numerical argument, which allows remote attackers
    to execute arbitrary code or cause a denial of service
    (memory corruption and application crash) via a crafted
    HTML document.

  - CVE-2009-1711
    WebKit does not properly initialize memory for Attr DOM
    objects, which allows remote attackers to execute
    arbitrary code or cause a denial of service (application
    crash) via a crafted HTML document.

  - CVE-2009-1712
    WebKit does not prevent remote loading of local Java
    applets, which allows remote attackers to execute
    arbitrary code, gain privileges, or obtain sensitive
    information via an APPLET or OBJECT element.

  - CVE-2009-1725
    WebKit do not properly handle numeric character
    references, which allows remote attackers to execute
    arbitrary code or cause a denial of service (memory
    corruption and application crash) via a crafted HTML
    document.

  - CVE-2009-1714
    Cross-site scripting (XSS) vulnerability in Web
    Inspector in WebKit allows user-assisted remote
    attackers to inject arbitrary web script or HTML, and
    read local files, via vectors related to the improper
    escaping of HTML attributes.

  - CVE-2009-1710
    WebKit allows remote attackers to spoof the browser's
    display of the host name, security indicators, and
    unspecified other UI elements via a custom cursor in
    conjunction with a modified CSS3 hotspot property.

  - CVE-2009-1697
    CRLF injection vulnerability in WebKit allows remote
    attackers to inject HTTP headers and bypass the Same
    Origin Policy via a crafted HTML document, related to
    cross-site scripting (XSS) attacks that depend on
    communication with arbitrary websites on the same server
    through use of XMLHttpRequest without a Host header.

  - CVE-2009-1695
    Cross-site scripting (XSS) vulnerability in WebKit
    allows remote attackers to inject arbitrary web script
    or HTML via vectors involving access to frame contents
    after completion of a page transition.

  - CVE-2009-1693
    WebKit allows remote attackers to read images from
    arbitrary websites via a CANVAS element with an SVG
    image, related to a 'cross-site image capture issue.'

  - CVE-2009-1694
    WebKit does not properly handle redirects, which allows
    remote attackers to read images from arbitrary websites
    via vectors involving a CANVAS element and redirection,
    related to a 'cross-site image capture issue.'

  - CVE-2009-1681
    WebKit does not prevent websites from loading
    third-party content into a subframe, which allows remote
    attackers to bypass the Same Origin Policy and conduct
    'clickjacking' attacks via a crafted HTML document.

  - CVE-2009-1684
    Cross-site scripting (XSS) vulnerability in WebKit
    allows remote attackers to inject arbitrary web script
    or HTML via an event handler that triggers script
    execution in the context of the next loaded document.

  - CVE-2009-1692
    WebKit allows remote attackers to cause a denial of
    service (memory consumption or device reset) via a web
    page containing an HTMLSelectElement object with a large
    length attribute, related to the length property of a
    Select object."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532724"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532725"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538346"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-0945"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1687"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1690"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1698"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1711"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1712"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1725"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1710"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1697"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1695"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1693"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1694"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1681"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1684"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2009-1692"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2009/dsa-1950"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the webkit package.

For the stable distribution (lenny), these problems has been fixed in
version 1.0.1-4+lenny2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(20, 79, 94, 189, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webkit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2009/05/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2009/12/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"libwebkit-1.0-1", reference:"1.0.1-4+lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"libwebkit-1.0-1-dbg", reference:"1.0.1-4+lenny2")) flag++;
if (deb_check(release:"5.0", prefix:"libwebkit-dev", reference:"1.0.1-4+lenny2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwebkitp-cpe:/a:debian:debian_linux:webkit
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0

References

Related

debian 5
openvas 53
osv 4
nessus 29
ubuntu 3
fedora 13
oraclelinux 2
centos 2
redhat 2
altlinux 1
seebug 2
securityvulns 9
cve 16
ubuntucve 16
zdi 2
debiancve 16
prion 16
chrome 1
veracode 4
packetstorm 1
exploitpack 1
exploitdb 1
debian
debian
[SECURITY] [DSA-1950-1] New webkit packages fix several vulnerabilities
2009-12-12 10:10:15
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
[SECURITY] [DSA-1988-1] New qt4-x11 packages fix several vulnerabilities
2010-02-02 22:44:05
openvas
openvas
Debian: Security Advisory (DSA-1950-1)
2023-03-08 00:00:00
Ubuntu: Security Advisory (USN-836-1)
2009-09-28 00:00:00
Ubuntu USN-836-1 (webkit)
2009-09-28 00:00:00
osv
osv
webkit - several vulnerabilities
2009-12-12 00:00:00
qt4-x11 - several vulnerabilities
2010-02-02 00:00:00
kde4libs - several vulnerabilities
2009-08-19 00:00:00
nessus
nessus
Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)
2009-09-24 00:00:00
Ubuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerabilities (USN-822-1)
2009-08-25 00:00:00
Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
2009-11-11 00:00:00
ubuntu
ubuntu
WebKit vulnerabilities
2009-09-23 00:00:00
Qt vulnerabilities
2009-11-10 00:00:00
KDE-Libs vulnerabilities
2009-08-24 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: kdelibs-4.2.4-6.fc11
2009-07-28 18:23:23
[SECURITY] Fedora 10 Update: kdelibs-4.2.4-6.fc10
2009-07-28 18:26:55
[SECURITY] Fedora 11 Update: kdelibs3-3.5.10-13.fc11
2009-07-28 18:27:35
oraclelinux
oraclelinux
kdelibs security update
2009-06-25 00:00:00
kdelibs security update
2009-06-25 00:00:00
centos
centos
kdelibs security update
2009-06-26 14:03:32
kdelibs security update
2009-06-25 17:39:16
redhat
redhat
(RHSA-2009:1127) Critical: kdelibs security update
2009-06-25 00:00:00
(RHSA-2009:1128) Important: kdelibs security update
2009-06-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package kde4libs version 4.2.4-alt3
2009-06-29 00:00:00
seebug
seebug
Apple Safari 4.0多个安全漏洞
2009-06-11 00:00:00
Multiple Web Browsers Denial of Service Exploit (1 bug to rule them all)
2009-07-15 00:00:00
securityvulns
securityvulns
WebKit / Apple Safari multiple security vulnerabilities
2009-06-23 00:00:00
[TZO-37-2009] Apple Safari <v4 Remote code execution
2009-06-16 00:00:00
Apple iPhone memory corruption
2009-07-23 00:00:00
cve
cve
CVE-2009-1712
2009-06-10 18:00:00
CVE-2009-1695
2009-06-10 18:00:00
CVE-2009-0945
2009-05-13 17:30:00
ubuntucve
ubuntucve
CVE-2009-1698
2009-06-10 00:00:00
CVE-2009-1694
2009-06-10 00:00:00
CVE-2009-1695
2009-06-10 00:00:00
zdi
zdi
Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
2009-06-08 00:00:00
Apple Safari Malformed SVGList Parsing Code Execution Vulnerability
2009-05-13 00:00:00
debiancve
debiancve
CVE-2009-1712
2009-06-10 18:00:00
CVE-2009-1697
2009-06-10 18:00:00
CVE-2009-1695
2009-06-10 18:00:00
prion
prion
Crlf injection
2009-06-10 18:00:00
Memory corruption
2009-06-10 18:00:00
Cross site scripting
2009-06-10 18:00:00
chrome
chrome
Stable Update: Bug fix
2009-05-07 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-04-10 00:39:14
Remote Code Execution (RCE)
2020-04-10 00:39:14
Denial Of Service (DoS)
2020-04-10 00:39:13
packetstorm
packetstorm
ECMAScript Denial Of Service
2009-07-17 00:00:00
exploitpack
exploitpack
Multiple Browsers - Denial of Service
2009-07-15 00:00:00
exploitdb
exploitdb
Multiple Browsers - Denial of Service
2009-07-15 00:00:00
JSON
Related for DEBIAN_DSA-1950.NASL
debian5openvas53osv4nessus29ubuntu3fedora13oraclelinux2centos2redhat2altlinux1seebug2securityvulns9cve16ubuntucve16zdi2debiancve16prion16chrome1veracode4packetstorm1exploitpack1exploitdb1