Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2188.NASL
HistoryMar 11, 2011 - 12:00 a.m.

Debian DSA-2188-1 : webkit - several vulnerabilities

2011-03-1100:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

Several vulnerabilities have been discovered in WebKit, a Web content engine library for GTK+. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2010-1783 WebKit does not properly handle dynamic modification of a text node, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.

  • CVE-2010-2901 The rendering implementation in WebKit allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

  • CVE-2010-4199 WebKit does not properly perform a cast of an unspecified variable during processing of an SVG <use> element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.

  • CVE-2010-4040 WebKit does not properly handle animated GIF images, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted image.

  • CVE-2010-4492 Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving SVG animations.

  • CVE-2010-4493 Use-after-free vulnerability in WebKit allows remote attackers to cause a denial of service via vectors related to the handling of mouse dragging events.

  • CVE-2010-4577 The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp in WebKit does not properly parse Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted local font, related to ‘Type Confusion’.

  • CVE-2010-4578 WebKit does not properly perform cursor handling, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to ‘stale pointers’.

  • CVE-2011-0482 WebKit does not properly perform a cast of an unspecified variable during handling of anchors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document.

  • CVE-2011-0778 WebKit does not properly restrict drag and drop operations, which might allow remote attackers to bypass the Same Origin Policy via unspecified vectors.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2188. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(52620);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2010-0474", "CVE-2010-1783", "CVE-2010-2901", "CVE-2010-4040", "CVE-2010-4199", "CVE-2010-4492", "CVE-2010-4493", "CVE-2010-4577", "CVE-2010-4578", "CVE-2011-0482", "CVE-2011-0778");
  script_bugtraq_id(42035, 45722, 45788, 46144);
  script_xref(name:"DSA", value:"2188");

  script_name(english:"Debian DSA-2188-1 : webkit - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been discovered in WebKit, a Web content
engine library for GTK+. The Common Vulnerabilities and Exposures
project identifies the following problems :

  - CVE-2010-1783
    WebKit does not properly handle dynamic modification of
    a text node, which allows remote attackers to execute
    arbitrary code or cause a denial of service (memory
    corruption and application crash) via a crafted HTML
    document.

  - CVE-2010-2901
    The rendering implementation in WebKit allows remote
    attackers to cause a denial of service (memory
    corruption) or possibly have unspecified other impact
    via unknown vectors.

  - CVE-2010-4199
    WebKit does not properly perform a cast of an
    unspecified variable during processing of an SVG <use>
    element, which allows remote attackers to cause a denial
    of service or possibly have unspecified other impact via
    a crafted SVG document.

  - CVE-2010-4040
    WebKit does not properly handle animated GIF images,
    which allows remote attackers to cause a denial of
    service (memory corruption) or possibly have unspecified
    other impact via a crafted image.

  - CVE-2010-4492
    Use-after-free vulnerability in WebKit allows remote
    attackers to cause a denial of service or possibly have
    unspecified other impact via vectors involving SVG
    animations.

  - CVE-2010-4493
    Use-after-free vulnerability in WebKit allows remote
    attackers to cause a denial of service via vectors
    related to the handling of mouse dragging events.

  - CVE-2010-4577
    The CSSParser::parseFontFaceSrc function in
    WebCore/css/CSSParser.cpp in WebKit does not properly
    parse Cascading Style Sheets (CSS) token sequences,
    which allows remote attackers to cause a denial of
    service (out-of-bounds read) via a crafted local font,
    related to 'Type Confusion'.

  - CVE-2010-4578
    WebKit does not properly perform cursor handling, which
    allows remote attackers to cause a denial of service or
    possibly have unspecified other impact via unknown
    vectors that lead to 'stale pointers'.

  - CVE-2011-0482
    WebKit does not properly perform a cast of an
    unspecified variable during handling of anchors, which
    allows remote attackers to cause a denial of service or
    possibly have unspecified other impact via a crafted
    HTML document.

  - CVE-2011-0778
    WebKit does not properly restrict drag and drop
    operations, which might allow remote attackers to bypass
    the Same Origin Policy via unspecified vectors."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-1783"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-2901"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4199"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4040"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4492"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4493"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-4578"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-0482"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2011-0778"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/webkit"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2011/dsa-2188"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the webkit packages.

For the stable distribution (squeeze), these problems have been fixed
in version 1.2.7-0+squeeze1.

Security support for WebKit has been discontinued for the oldstable
distribution (lenny). The current version in oldstable is not
supported by upstream anymore and is affected by several security
issues. Backporting fixes for these and any future issues has become
unfeasible and therefore we need to drop our security support for the
version in oldstable."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:webkit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/03/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/03/11");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"gir1.0-webkit-1.0", reference:"1.2.7-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libwebkit-1.0-2", reference:"1.2.7-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libwebkit-1.0-2-dbg", reference:"1.2.7-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libwebkit-1.0-common", reference:"1.2.7-0+squeeze1")) flag++;
if (deb_check(release:"6.0", prefix:"libwebkit-dev", reference:"1.2.7-0+squeeze1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwebkitp-cpe:/a:debian:debian_linux:webkit
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

References

Related

openvas 55
debian 4
osv 2
nessus 29
freebsd 2
ubuntu 1
prion 11
debiancve 10
cve 12
ubuntucve 14
veracode 2
fedora 4
gentoo 1
exploitpack 1
securityvulns 5
packetstorm 1
seebug 1
exploitdb 1
redhat 1
oraclelinux 1
openvas
openvas
Debian Security Advisory DSA 2188-1 (webkit)
2011-05-12 00:00:00
Debian: Security Advisory (DSA-2188-1)
2011-05-12 00:00:00
FreeBSD Ports: webkit-gtk2
2011-03-05 00:00:00
debian
debian
[SECURITY] [DSA 2188-1] webkit security update
2011-03-10 12:16:11
[SECURITY] [DSA 2188-1] webkit security update
2011-03-10 13:22:42
[SECURITY] [DSA 2166-1] chromium-browser security update
2011-02-16 15:50:28
osv
osv
webkit - several
2011-03-10 00:00:00
chromium-browser - several
2011-02-16 00:00:00
nessus
nessus
FreeBSD : webkit-gtk2 -- Multiple vurnabilities. (35ecdcbe-3501-11e0-afcd-0015f2db7bde)
2011-02-11 00:00:00
Fedora 13 : webkitgtk-1.2.7-1.fc13 (2011-1224)
2011-02-18 00:00:00
SuSE 11.1 Security Update : webkit (SAT Patch Number 4765)
2011-06-29 00:00:00
freebsd
freebsd
webkit-gtk2 -- Multiple vurnabilities.
2011-02-08 00:00:00
webkit-gtk2 -- Multiple vulnerabilities
2010-12-28 00:00:00
ubuntu
ubuntu
WebKit vulnerabilities
2011-08-23 00:00:00
prion
prion
Memory corruption
2010-10-21 19:00:00
Memory corruption
2010-07-28 20:00:00
Code injection
2010-11-06 00:00:00
debiancve
debiancve
CVE-2010-4493
2010-12-07 21:00:00
CVE-2010-4040
2010-10-21 19:00:00
CVE-2010-4199
2010-11-06 00:00:00
cve
cve
CVE-2010-4493
2010-12-07 21:00:00
CVE-2010-4040
2010-10-21 19:00:00
CVE-2010-1783
2010-07-30 20:30:00
ubuntucve
ubuntucve
CVE-2010-1783
2010-07-30 00:00:00
CVE-2010-4493
2010-12-07 00:00:00
CVE-2010-4199
2010-11-05 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:53:15
Denial Of Service (DoS)
2020-04-10 00:53:21
fedora
fedora
[SECURITY] Fedora 13 Update: webkitgtk-1.2.7-1.fc13
2011-02-18 01:51:56
[SECURITY] Fedora 13 Update: webkitgtk-1.2.4-1.fc13
2010-09-15 05:40:48
[SECURITY] Fedora 12 Update: webkitgtk-1.2.4-1.fc12
2010-09-21 01:43:18
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
exploitpack
exploitpack
Konqueror 4.7.3 - Memory Corruption
2012-11-01 00:00:00
securityvulns
securityvulns
Nth Dimension Security Advisory &#40;NDSA20121010&#41;
2012-11-02 00:00:00
Google Chrome multiple security vulonerabilities
2011-02-22 00:00:00
[SECURITY] [DSA 2166-1] chromium-browser security update
2011-02-22 00:00:00
packetstorm
packetstorm
Konqueror 4.7.3 Memory Corruption
2012-10-31 00:00:00
seebug
seebug
Konqueror 4.7.3 Memory Corruption
2014-07-01 00:00:00
exploitdb
exploitdb
Konqueror 4.7.3 - Memory Corruption
2012-11-01 00:00:00
redhat
redhat
(RHSA-2011:0177) Moderate: webkitgtk security update
2011-01-25 00:00:00
oraclelinux
oraclelinux
webkitgtk security update
2011-02-10 00:00:00
JSON
Related for DEBIAN_DSA-2188.NASL
openvas55debian4osv2nessus29freebsd2ubuntu1prion11debiancve10cve12ubuntucve14veracode2fedora4gentoo1exploitpack1securityvulns5packetstorm1seebug1exploitdb1redhat1oraclelinux1