Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 Tenable Network Security, Inc.FEDORA_2013-22847.NASL
HistoryJan 24, 2014 - 12:00 a.m.

Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)

2014-01-2400:00:00
This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details:
http://lists.qt-project.org/pipermail/announce/2013-December/000036.ht ml

In addition, this update fixes :

  • QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description),

    • QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded,

    • some minor format string abuse that was probably not exploitable (most instances definitely weren’t).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2013-22847.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72110);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-4549");
  script_xref(name:"FEDORA", value:"2013-22847");

  script_name(english:"Fedora 20 : qt3-3.3.8b-56.fc20 (2013-22847)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes CVE-2013-4549 (XML Entity Expansion Denial of
Service) in Qt 3. See the Qt Project Security Advisory for details:
http://lists.qt-project.org/pipermail/announce/2013-December/000036.ht
ml

In addition, this update fixes :

  - QTBUG-35459, a too low character limit for XML entities
    enforced by the fix for CVE-2013-4549 that was breaking
    real-world XML files (in particular, the KatePart
    Lilypond syntax highlighting description),

    - QTBUG-35460, a misspelling in the error message
      produced by the CVE-2013-4549 fix when the character
      limit for XML entities was exceeded,

    - some minor format string abuse that was probably not
      exploitable (most instances definitely weren't).

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  # http://lists.qt-project.org/pipermail/announce/2013-December/000036.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6cfa8350"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2014-January/127076.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6876f41c"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected qt3 package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:qt3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/12/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC20", reference:"qt3-3.3.8b-56.fc20")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt3");
}
VendorProductVersionCPE
fedoraprojectfedoraqt3p-cpe:/a:fedoraproject:fedora:qt3
fedoraprojectfedora20cpe:/o:fedoraproject:fedora:20

Related

openvas 26
nessus 16
fedora 14
mageia 3
securityvulns 2
gentoo 1
ubuntu 1
ubuntucve 1
freebsd 1
prion 1
debiancve 1
cve 1
openvas
openvas
Fedora Update for qt5-qtbase FEDORA-2014-5680
2014-05-12 00:00:00
Fedora Update for qt3 FEDORA-2013-22847
2014-02-03 00:00:00
Fedora Update for qt5-qtbase FEDORA-2014-5710
2014-05-12 00:00:00
nessus
nessus
FreeBSD : qt4-xml -- XML Entity Expansion Denial of Service (89709e58-d497-11e3-a3d5-5453ed2e2b49)
2014-05-06 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 / 13.10 : qt4-x11, qtbase-opensource-src vulnerability (USN-2057-1)
2013-12-18 00:00:00
Fedora 19 : qt-4.8.5-15.fc19 (2013-22932)
2014-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: qt5-qtbase-5.2.1-8.fc19
2014-05-06 03:32:31
[SECURITY] Fedora 19 Update: qt3-3.3.8b-56.fc19
2014-01-23 11:11:04
[SECURITY] Fedora 20 Update: qt3-3.3.8b-56.fc20
2014-01-23 11:18:08
mageia
mageia
Updated qt5 packages fix security vulnerability.
2014-03-03 23:58:12
Updated qt4 package fixes security vulnerability
2014-01-17 04:20:35
Updated qt3 packages fix security vulnerabilities
2014-06-18 22:02:44
securityvulns
securityvulns
QT resources exhaustion
2013-12-24 00:00:00
[USN-2057-1] Qt vulnerability
2013-12-24 00:00:00
gentoo
gentoo
QtCore: Denial of service
2014-03-13 00:00:00
ubuntu
ubuntu
Qt vulnerability
2013-12-17 00:00:00
ubuntucve
ubuntucve
CVE-2013-4549
2013-12-05 00:00:00
freebsd
freebsd
qt4-xml -- XML Entity Expansion Denial of Service
2013-12-05 00:00:00
prion
prion
Code injection
2013-12-23 22:55:00
debiancve
debiancve
CVE-2013-4549
2013-12-23 22:55:00
cve
cve
CVE-2013-4549
2013-12-23 22:55:00
JSON
Related for FEDORA_2013-22847.NASL
openvas26nessus16fedora14mageia3securityvulns2gentoo1ubuntu1ubuntucve1freebsd1prion1debiancve1cve1