Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2011-0177.NASL
HistoryJan 26, 2011 - 12:00 a.m.

RHEL 6 : webkitgtk (RHSA-2011:0177)

2011-01-2600:00:00
This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
JSON

Updated webkitgtk packages that fix several security issues are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

WebKitGTK+ is the port of the portable web rendering engine WebKit to the GTK+ platform.

Multiple memory corruption flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114, CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812, CVE-2010-4198)

Multiple use-after-free flaws were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793, CVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257, CVE-2010-4197, CVE-2010-4204)

Two array index errors, leading to out-of-bounds memory reads, were found in WebKit. Malicious web content could cause an application using WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)

A flaw in WebKit could allow malicious web content to trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker.
(CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to images created from the ‘canvas’ element. Malicious web content could allow a remote attacker to bypass the same-origin policy and potentially access sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when it was disabled, web content containing certain ‘link’ elements could cause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

Users of WebKitGTK+ should upgrade to these updated packages, which contain WebKitGTK+ version 1.2.6, and resolve these issues. All running applications that use WebKitGTK+ must be restarted for this update to take effect.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2011:0177. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(51672);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-1780", "CVE-2010-1782", "CVE-2010-1783", "CVE-2010-1784", "CVE-2010-1785", "CVE-2010-1786", "CVE-2010-1787", "CVE-2010-1788", "CVE-2010-1790", "CVE-2010-1792", "CVE-2010-1793", "CVE-2010-1807", "CVE-2010-1812", "CVE-2010-1814", "CVE-2010-1815", "CVE-2010-3113", "CVE-2010-3114", "CVE-2010-3115", "CVE-2010-3116", "CVE-2010-3119", "CVE-2010-3255", "CVE-2010-3257", "CVE-2010-3259", "CVE-2010-3812", "CVE-2010-3813", "CVE-2010-4197", "CVE-2010-4198", "CVE-2010-4204", "CVE-2010-4206", "CVE-2010-4577");
  script_bugtraq_id(42034, 42035, 42036, 42037, 42038, 42041, 42042, 42043, 42044, 42046, 42049, 43047, 43079, 43081, 43083, 44199, 44200, 44201, 44203, 44204, 44206, 44954, 44960, 45718, 45719, 45720, 45721, 45722);
  script_xref(name:"RHSA", value:"2011:0177");

  script_name(english:"RHEL 6 : webkitgtk (RHSA-2011:0177)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated webkitgtk packages that fix several security issues are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
moderate security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

WebKitGTK+ is the port of the portable web rendering engine WebKit to
the GTK+ platform.

Multiple memory corruption flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
CVE-2010-1785, CVE-2010-1787, CVE-2010-1788, CVE-2010-1790,
CVE-2010-1792, CVE-2010-1807, CVE-2010-1814, CVE-2010-3114,
CVE-2010-3116, CVE-2010-3119, CVE-2010-3255, CVE-2010-3812,
CVE-2010-4198)

Multiple use-after-free flaws were found in WebKit. Malicious web
content could cause an application using WebKitGTK+ to crash or,
potentially, execute arbitrary code with the privileges of the user
running the application. (CVE-2010-1780, CVE-2010-1786, CVE-2010-1793,
CVE-2010-1812, CVE-2010-1815, CVE-2010-3113, CVE-2010-3257,
CVE-2010-4197, CVE-2010-4204)

Two array index errors, leading to out-of-bounds memory reads, were
found in WebKit. Malicious web content could cause an application
using WebKitGTK+ to crash. (CVE-2010-4206, CVE-2010-4577)

A flaw in WebKit could allow malicious web content to trick a user
into thinking they are visiting the site reported by the location bar,
when the page is actually content controlled by an attacker.
(CVE-2010-3115)

It was found that WebKit did not correctly restrict read access to
images created from the 'canvas' element. Malicious web content could
allow a remote attacker to bypass the same-origin policy and
potentially access sensitive image data. (CVE-2010-3259)

A flaw was found in the way WebKit handled DNS prefetching. Even when
it was disabled, web content containing certain 'link' elements could
cause WebKitGTK+ to perform DNS prefetching. (CVE-2010-3813)

Users of WebKitGTK+ should upgrade to these updated packages, which
contain WebKitGTK+ version 1.2.6, and resolve these issues. All
running applications that use WebKitGTK+ must be restarted for this
update to take effect."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1780"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1782"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1783"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1784"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1785"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1786"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1787"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1788"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1790"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1792"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1793"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1807"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1814"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-1815"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3113"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3114"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3115"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3116"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3119"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3255"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3257"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3259"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3812"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-3813"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4197"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4198"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4204"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4206"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2010-4577"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2011:0177"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:webkitgtk-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.0");

  script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2011/01/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/01/26");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2011:0177";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL6", reference:"webkitgtk-1.2.6-2.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"webkitgtk-debuginfo-1.2.6-2.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", reference:"webkitgtk-devel-1.2.6-2.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"i686", reference:"webkitgtk-doc-1.2.6-2.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"s390x", reference:"webkitgtk-doc-1.2.6-2.el6_0")) flag++;

  if (rpm_check(release:"RHEL6", cpu:"x86_64", reference:"webkitgtk-doc-1.2.6-2.el6_0")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "webkitgtk / webkitgtk-debuginfo / webkitgtk-devel / webkitgtk-doc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxwebkitgtkp-cpe:/a:redhat:enterprise_linux:webkitgtk
redhatenterprise_linuxwebkitgtk-debuginfop-cpe:/a:redhat:enterprise_linux:webkitgtk-debuginfo
redhatenterprise_linuxwebkitgtk-develp-cpe:/a:redhat:enterprise_linux:webkitgtk-devel
redhatenterprise_linuxwebkitgtk-docp-cpe:/a:redhat:enterprise_linux:webkitgtk-doc
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux6.0cpe:/o:redhat:enterprise_linux:6.0

References

Related

nessus 25
redhat 1
openvas 35
oraclelinux 1
freebsd 3
securityvulns 6
fedora 6
gentoo 1
ubuntucve 20
ubuntu 1
prion 21
veracode 20
cve 21
debiancve 17
checkpoint_advisories 6
threatpost 1
android 1
seebug 4
zdi 4
packetstorm 2
exploitpack 2
canvas 1
nessus
nessus
Scientific Linux Security Update : webkitgtk on SL6.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 6 : webkitgtk (ELSA-2011-0177)
2013-07-12 00:00:00
FreeBSD : Webkit-gtk2 -- Multiple Vulnabilities (e5090d2a-dbbe-11df-82f8-0015f2db7bde)
2010-10-21 00:00:00
redhat
redhat
(RHSA-2011:0177) Moderate: webkitgtk security update
2011-01-25 00:00:00
openvas
openvas
RedHat Update for webkitgtk RHSA-2011:0177-01
2012-06-05 00:00:00
RedHat Update for webkitgtk RHSA-2011:0177-01
2012-06-05 00:00:00
Oracle: Security Advisory (ELSA-2011-0177)
2015-10-06 00:00:00
oraclelinux
oraclelinux
webkitgtk security update
2011-02-10 00:00:00
freebsd
freebsd
Webkit-gtk2 -- Multiple Vulnabilities
2010-10-01 00:00:00
webkit-gtk2 -- Multiple vulnerabilities
2010-12-28 00:00:00
webkit-gtk2 -- Multiple vulnerabilities
2010-09-07 00:00:00
securityvulns
securityvulns
About the security content of Safari 5.0.1 and Safari 4.1.1
2010-08-08 00:00:00
Apple Webkit / Safari multiple security vulnerabilities
2010-08-14 00:00:00
About the security content of Safari 5.0.3 and Safari 4.1.3
2010-11-20 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: webkitgtk-1.2.6-1.fc13
2011-01-07 20:01:55
[SECURITY] Fedora 12 Update: webkitgtk-1.2.5-1.fc12
2010-10-19 07:09:06
[SECURITY] Fedora 13 Update: webkitgtk-1.2.5-1.fc13
2010-10-19 07:21:56
gentoo
gentoo
Multiple packages, Multiple vulnerabilities fixed in 2011
2014-12-11 00:00:00
ubuntucve
ubuntucve
CVE-2010-1812
2010-09-09 00:00:00
CVE-2010-1814
2010-09-09 00:00:00
CVE-2010-3255
2010-09-07 00:00:00
ubuntu
ubuntu
WebKit vulnerabilities
2011-08-23 00:00:00
prion
prion
Memory corruption
2010-09-07 18:00:00
Design/Logic Flaw
2010-09-09 22:00:00
Design/Logic Flaw
2010-07-30 20:30:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 00:53:19
Remote Code Execution (RCE)
2020-04-10 00:53:16
Arbitrary Code Execution
2020-04-10 00:53:14
cve
cve
CVE-2010-3255
2010-09-07 18:00:00
CVE-2010-1780
2010-07-30 20:30:00
CVE-2010-1783
2010-07-30 20:30:00
debiancve
debiancve
CVE-2010-3255
2010-09-07 18:00:00
CVE-2010-1784
2010-07-30 20:30:00
CVE-2010-4198
2010-11-06 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple Safari Webkit Floating Point Data Type Code Execution - Ver2 (CVE-2010-1807)
2014-01-07 00:00:00
Apple Safari WebKit Menu Onchange Memory Corruption (CVE-2010-1814)
2011-02-24 00:00:00
Apple Safari WebKit Rendering Counter Code Execution (CVE-2010-1784)
2010-11-08 00:00:00
threatpost
threatpost
Researcher Publishes Android Browser Exploit
2010-11-08 15:26:31
android
android
Use-After-Free Remote
2010-11-14 00:00:00
seebug
seebug
Android 2.0/2.1 Use-After-Free Remote Code Execution on Webkit
2010-11-17 00:00:00
Android 2.0-2.1 - Reverse Shell Exploit
2014-07-01 00:00:00
Android 2.0/2.1 - Use-After-Free Remote Code Execution on Webkit
2014-07-01 00:00:00
zdi
zdi
Apple Webkit Rendering Counter Remote Code Execution Vulnerability
2010-08-09 00:00:00
Apple Webkit SVG Floating Text Element Remote Code Execution Vulnerability
2010-08-11 00:00:00
Apple Webkit SVG First-Letter Style Remote Code Execution Vulnerability
2010-08-05 00:00:00
packetstorm
packetstorm
Android 2.0 / 2.1 Use-After-Free Remote Code Execution
2010-11-16 00:00:00
Android 2.0 / 2.1 Reverse Shell Exploit
2010-11-05 00:00:00
exploitpack
exploitpack
Google Android 2.02.1 - Use-After-Free Remote Code Execution on Webkit
2010-11-15 00:00:00
Google Android 2.0 2.1 - Code Execution (Reverse Shell 10.0.2.2:2222TCP)
2010-11-05 00:00:00
canvas
canvas
Immunity Canvas: CVE_2010_1807
2010-09-10 19:00:00
JSON
Related for REDHAT-RHSA-2011-0177.NASL
nessus25redhat1openvas35oraclelinux1freebsd3securityvulns6fedora6gentoo1ubuntucve20ubuntu1prion21veracode20cve21debiancve17checkpoint_advisories6threatpost1android1seebug4zdi4packetstorm2exploitpack2canvas1