Lucene search
K

Linux Distros Unpatched Vulnerability : CVE-2017-10904

🗓️ 10 Sep 2025 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 1 Views

Unpatched Linux and Unix hosts with Qt framework for Android vulnerable to remote command execution (CVE-2017-10904).

Related
Refs
Code
ReporterTitlePublishedViews
Family
CVE
CVE-2017-10904
15 Dec 201714:00
cve
Cvelist
CVE-2017-10904
15 Dec 201714:00
cvelist
EUVD
EUVD-2017-2544
7 Oct 202500:30
euvd
F5 Networks
K000148242: Qt vulnerability CVE-2017-10904
24 Oct 202408:32
f5
Japan Vulnerability Notes
JVN#67389262: Qt for Android vulnerable to OS command injection
11 Dec 201700:00
jvn
Japan Vulnerability Notes
Qt for Android vulnerable to OS command injection
11 Dec 201704:40
jvn
NVD
CVE-2017-10904
16 Dec 201702:29
nvd
OSV
UBUNTU-CVE-2017-10904
16 Dec 201702:29
osv
Prion
Design/Logic Flaw
16 Dec 201702:29
prion
Rosalinux
Advisory ROSA-SA-2021-1959
2 Jul 202118:04
rosalinux
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(263324);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/10");

  script_cve_id("CVE-2017-10904");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2017-10904");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - Qt for Android prior to 5.9.0 allows remote attackers to execute arbitrary OS commands via unspecified
    vectors. (CVE-2017-10904)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://ubuntu.com/security/CVE-2017-10904");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-10904");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/09/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qt4-x11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:qtbase-opensource-src");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl", "set_linux_os_id.nasl");
  script_require_keys("Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched", "Host/OS/identifier");
  script_require_ports("Host/OS/Ubuntu Linux-14.04", "Host/OS/Ubuntu Linux-16.04");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Ubuntu Linux-14.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "14.04",
        "pkgs": [
          {"reference": "libqt4-assistant"},
          {"reference": "libqt4-core"},
          {"reference": "libqt4-dbg"},
          {"reference": "libqt4-dbus"},
          {"reference": "libqt4-declarative"},
          {"reference": "libqt4-declarative-folderlistmodel"},
          {"reference": "libqt4-declarative-gestures"},
          {"reference": "libqt4-declarative-particles"},
          {"reference": "libqt4-declarative-shaders"},
          {"reference": "libqt4-designer"},
          {"reference": "libqt4-designer-dbg"},
          {"reference": "libqt4-dev"},
          {"reference": "libqt4-dev-bin"},
          {"reference": "libqt4-gui"},
          {"reference": "libqt4-help"},
          {"reference": "libqt4-network"},
          {"reference": "libqt4-opengl"},
          {"reference": "libqt4-opengl-dev"},
          {"reference": "libqt4-private-dev"},
          {"reference": "libqt4-qt3support"},
          {"reference": "libqt4-qt3support-dbg"},
          {"reference": "libqt4-script"},
          {"reference": "libqt4-script-dbg"},
          {"reference": "libqt4-scripttools"},
          {"reference": "libqt4-sql"},
          {"reference": "libqt4-sql-mysql"},
          {"reference": "libqt4-sql-odbc"},
          {"reference": "libqt4-sql-psql"},
          {"reference": "libqt4-sql-sqlite"},
          {"reference": "libqt4-sql-tds"},
          {"reference": "libqt4-svg"},
          {"reference": "libqt4-test"},
          {"reference": "libqt4-webkit"},
          {"reference": "libqt4-webkit-dbg"},
          {"reference": "libqt4-xml"},
          {"reference": "libqt4-xmlpatterns"},
          {"reference": "libqt4-xmlpatterns-dbg"},
          {"reference": "libqtcore4"},
          {"reference": "libqtdbus4"},
          {"reference": "libqtgui4"},
          {"reference": "qdbus"},
          {"reference": "qt4-bin-dbg"},
          {"reference": "qt4-default"},
          {"reference": "qt4-demos"},
          {"reference": "qt4-demos-dbg"},
          {"reference": "qt4-designer"},
          {"reference": "qt4-dev-tools"},
          {"reference": "qt4-doc"},
          {"reference": "qt4-doc-html"},
          {"reference": "qt4-linguist-tools"},
          {"reference": "qt4-qmake"},
          {"reference": "qt4-qmlviewer"},
          {"reference": "qt4-qtconfig"},
          {"reference": "qtcore4-l10n"}
        ]
      }
    ]
  },
  "Ubuntu Linux-16.04": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "16.04",
        "pkgs": [
          {"reference": "libqt4-dbg"},
          {"reference": "libqt4-dbus"},
          {"reference": "libqt4-declarative"},
          {"reference": "libqt4-declarative-folderlistmodel"},
          {"reference": "libqt4-declarative-gestures"},
          {"reference": "libqt4-declarative-particles"},
          {"reference": "libqt4-declarative-shaders"},
          {"reference": "libqt4-designer"},
          {"reference": "libqt4-designer-dbg"},
          {"reference": "libqt4-dev"},
          {"reference": "libqt4-dev-bin"},
          {"reference": "libqt4-help"},
          {"reference": "libqt4-network"},
          {"reference": "libqt4-opengl"},
          {"reference": "libqt4-opengl-dev"},
          {"reference": "libqt4-qt3support"},
          {"reference": "libqt4-qt3support-dbg"},
          {"reference": "libqt4-script"},
          {"reference": "libqt4-script-dbg"},
          {"reference": "libqt4-scripttools"},
          {"reference": "libqt4-sql"},
          {"reference": "libqt4-sql-mysql"},
          {"reference": "libqt4-sql-odbc"},
          {"reference": "libqt4-sql-psql"},
          {"reference": "libqt4-sql-sqlite"},
          {"reference": "libqt4-sql-tds"},
          {"reference": "libqt4-svg"},
          {"reference": "libqt4-test"},
          {"reference": "libqt4-xml"},
          {"reference": "libqt4-xmlpatterns"},
          {"reference": "libqt4-xmlpatterns-dbg"},
          {"reference": "libqt5concurrent5"},
          {"reference": "libqt5core5a"},
          {"reference": "libqt5dbus5"},
          {"reference": "libqt5gui5"},
          {"reference": "libqt5libqgtk2"},
          {"reference": "libqt5network5"},
          {"reference": "libqt5opengl5"},
          {"reference": "libqt5opengl5-dev"},
          {"reference": "libqt5printsupport5"},
          {"reference": "libqt5sql5"},
          {"reference": "libqt5sql5-mysql"},
          {"reference": "libqt5sql5-odbc"},
          {"reference": "libqt5sql5-psql"},
          {"reference": "libqt5sql5-sqlite"},
          {"reference": "libqt5sql5-tds"},
          {"reference": "libqt5test5"},
          {"reference": "libqt5widgets5"},
          {"reference": "libqt5xml5"},
          {"reference": "libqtcore4"},
          {"reference": "libqtdbus4"},
          {"reference": "libqtgui4"},
          {"reference": "qdbus"},
          {"reference": "qt4-bin-dbg"},
          {"reference": "qt4-default"},
          {"reference": "qt4-demos"},
          {"reference": "qt4-demos-dbg"},
          {"reference": "qt4-designer"},
          {"reference": "qt4-dev-tools"},
          {"reference": "qt4-doc"},
          {"reference": "qt4-doc-html"},
          {"reference": "qt4-linguist-tools"},
          {"reference": "qt4-qmake"},
          {"reference": "qt4-qmlviewer"},
          {"reference": "qt4-qtconfig"},
          {"reference": "qt5-default"},
          {"reference": "qt5-qmake"},
          {"reference": "qt5-qmake-arm-linux-gnueabihf"},
          {"reference": "qtbase5-dbg"},
          {"reference": "qtbase5-dev"},
          {"reference": "qtbase5-dev-tools"},
          {"reference": "qtbase5-dev-tools-dbg"},
          {"reference": "qtbase5-doc-html"},
          {"reference": "qtbase5-examples"},
          {"reference": "qtbase5-examples-dbg"},
          {"reference": "qtbase5-private-dev"},
          {"reference": "qtcore4-l10n"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

10 Sep 2025 00:00Current
8.8High risk
Vulners AI Score8.8
CVSS 27.5
CVSS 39.8
EPSS0.01958
1