Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2007-0883.NASL
HistorySep 14, 2007 - 12:00 a.m.

RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)

2007-09-1400:00:00
This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

Updated qt packages that correct two security flaws are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.

A flaw was found in the way Qt expanded certain UTF8 characters. It was possible to prevent a Qt-based application from properly sanitizing user-supplied input. This could, for example, result in a cross-site scripting attack against the Konqueror web browser.
(CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed Unicode strings. If an application linked against Qt parsed a malicious Unicode string, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2007:0883. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(26051);
  script_version("1.29");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2007-0242", "CVE-2007-4137");
  script_bugtraq_id(23269, 25657);
  script_xref(name:"RHSA", value:"2007:0883");

  script_name(english:"RHEL 2.1 / 3 / 4 / 5 : qt (RHSA-2007:0883)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated qt packages that correct two security flaws are now available.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

Qt is a software toolkit that simplifies the task of writing and
maintaining GUI (Graphical User Interface) applications for the X
Window System.

A flaw was found in the way Qt expanded certain UTF8 characters. It
was possible to prevent a Qt-based application from properly
sanitizing user-supplied input. This could, for example, result in a
cross-site scripting attack against the Konqueror web browser.
(CVE-2007-0242)

A buffer overflow flaw was found in the way Qt expanded malformed
Unicode strings. If an application linked against Qt parsed a
malicious Unicode string, it could lead to a denial of service or
possibly allow the execution of arbitrary code. (CVE-2007-4137)

Users of Qt should upgrade to these updated packages, which contain a
backported patch to correct these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-0242"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2007-4137"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2007:0883"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-MySQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-ODBC");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-PostgreSQL");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-Xt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-config");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-designer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-devel-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:qt-static");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");

  script_set_attribute(attribute:"vuln_publication_date", value:"2007/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/09/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/09/14");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3|4|5)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x / 4.x / 5.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2007:0883";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-2.3.1-14.EL2")) flag++;

  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-Xt-2.3.1-14.EL2")) flag++;

  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-designer-2.3.1-14.EL2")) flag++;

  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-devel-2.3.1-14.EL2")) flag++;

  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"qt-static-2.3.1-14.EL2")) flag++;


  if (rpm_check(release:"RHEL3", reference:"qt-3.1.2-17.RHEL3")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-MySQL-3.1.2-17.RHEL3")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-ODBC-3.1.2-17.RHEL3")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-config-3.1.2-17.RHEL3")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-designer-3.1.2-17.RHEL3")) flag++;

  if (rpm_check(release:"RHEL3", reference:"qt-devel-3.1.2-17.RHEL3")) flag++;


  if (rpm_check(release:"RHEL4", reference:"qt-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-MySQL-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-ODBC-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-PostgreSQL-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-config-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-designer-3.3.3-13.RHEL4")) flag++;

  if (rpm_check(release:"RHEL4", reference:"qt-devel-3.3.3-13.RHEL4")) flag++;


  if (rpm_check(release:"RHEL5", reference:"qt-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-MySQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-MySQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-MySQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-ODBC-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-ODBC-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-ODBC-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-PostgreSQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-PostgreSQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-PostgreSQL-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-config-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-config-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-config-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-designer-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-designer-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-designer-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", reference:"qt-devel-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"i386", reference:"qt-devel-docs-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"qt-devel-docs-3.3.6-23.el5")) flag++;

  if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"qt-devel-docs-3.3.6-23.el5")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qt / qt-MySQL / qt-ODBC / qt-PostgreSQL / qt-Xt / qt-config / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxqtp-cpe:/a:redhat:enterprise_linux:qt
redhatenterprise_linuxqt-mysqlp-cpe:/a:redhat:enterprise_linux:qt-mysql
redhatenterprise_linuxqt-odbcp-cpe:/a:redhat:enterprise_linux:qt-odbc
redhatenterprise_linuxqt-postgresqlp-cpe:/a:redhat:enterprise_linux:qt-postgresql
redhatenterprise_linuxqt-xtp-cpe:/a:redhat:enterprise_linux:qt-xt
redhatenterprise_linuxqt-configp-cpe:/a:redhat:enterprise_linux:qt-config
redhatenterprise_linuxqt-designerp-cpe:/a:redhat:enterprise_linux:qt-designer
redhatenterprise_linuxqt-develp-cpe:/a:redhat:enterprise_linux:qt-devel
redhatenterprise_linuxqt-devel-docsp-cpe:/a:redhat:enterprise_linux:qt-devel-docs
redhatenterprise_linuxqt-staticp-cpe:/a:redhat:enterprise_linux:qt-static
Rows per page:
1-10 of 151

Related

nessus 31
oraclelinux 3
openvas 38
redhat 3
centos 4
fedora 2
prion 2
ubuntucve 2
cvelist 2
veracode 2
ubuntu 2
debiancve 2
securityvulns 3
gentoo 1
cve 2
debian 3
slackware 1
osv 1
nessus
nessus
Oracle Linux 3 / 4 / 5 : qt (ELSA-2007-0883)
2013-07-12 00:00:00
Scientific Linux Security Update : qt on SL5.x, SL4.x, SL3.x i386/x86_64
2012-08-01 00:00:00
CentOS 3 / 4 / 5 : qt (CESA-2007:0883)
2007-09-14 00:00:00
oraclelinux
oraclelinux
Important: qt security update
2007-09-13 00:00:00
qt4 security update
2011-09-21 00:00:00
Moderate: kdelibs security update
2007-10-08 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0883)
2015-10-08 00:00:00
Fedora Update for qt FEDORA-2007-703
2009-02-27 00:00:00
Fedora Update for qt FEDORA-2007-703
2009-02-27 00:00:00
redhat
redhat
(RHSA-2007:0883) Important: qt security update
2007-09-13 00:00:00
(RHSA-2011:1324) Moderate: qt4 security update
2011-09-21 00:00:00
(RHSA-2007:0909) Moderate: kdelibs security update
2007-10-08 00:00:00
centos
centos
qt security update
2007-09-13 18:50:19
qt security update
2007-09-14 01:30:43
qt4 security update
2011-09-22 03:19:27
fedora
fedora
[SECURITY] Fedora Core 6 Update: qt-3.3.8-2.fc6
2007-09-18 22:38:37
[SECURITY] Fedora 7 Update: qt-3.3.8-7.fc7
2007-09-19 02:53:35
prion
prion
Heap overflow
2007-09-18 19:17:00
Cross site scripting
2007-04-03 16:19:00
ubuntucve
ubuntucve
CVE-2007-4137
2007-09-18 00:00:00
CVE-2007-0242
2007-04-03 00:00:00
cvelist
cvelist
CVE-2007-4137
2007-09-18 19:00:00
CVE-2007-0242
2007-04-03 16:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:17:41
Cross-site Scripting (XSS)
2020-04-10 00:17:41
ubuntu
ubuntu
Qt vulnerability
2007-09-18 00:00:00
KDE library vulnerability
2007-04-11 00:00:00
debiancve
debiancve
CVE-2007-4137
2007-09-18 19:17:00
CVE-2007-0242
2007-04-03 16:19:00
securityvulns
securityvulns
[Full-disclosure] [ MDKSA-2007:183 ] - Updated qt3/qt4 packages fix vulnerability
2007-09-14 00:00:00
Qt library buffer overflow
2007-09-14 00:00:00
QT / KJS UTF-8 decoding security vulnerability
2007-04-05 00:00:00
gentoo
gentoo
Qt: Buffer overflow
2007-10-25 00:00:00
cve
cve
CVE-2007-4137
2007-09-18 19:17:00
CVE-2007-0242
2007-04-03 16:19:00
debian
debian
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 00:00:00
[SECURITY] [DSA 1292-1] New qt4-x11 packages fix cross-site scripting vulnerability
2007-05-15 22:22:07
[SECURITY] [DSA 1426-1] New qt-x11-free packages fix several vulnerabilities
2007-12-08 00:00:00
slackware
slackware
[slackware-security] qt
2007-04-03 23:23:35
osv
osv
qt-x11-free - several vulnerabilities
2007-12-08 00:00:00
JSON
Related for REDHAT-RHSA-2007-0883.NASL
nessus31oraclelinux3openvas38redhat3centos4fedora2prion2ubuntucve2cvelist2veracode2ubuntu2debiancve2securityvulns3gentoo1cve2debian3slackware1osv1