ID OPENVAS:841319 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH Modified 2017-12-01T00:00:00
Description
Check for the Version of qt4-x11
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1723_1.nasl 7958 2017-12-01 06:47:47Z santu $
#
# Ubuntu Update for qt4-x11 USN-1723-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting
requests from http to file schemes. If an attacker were able to perform a
man-in-the-middle attack, this flaw could be exploited to view sensitive
information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,
and Ubuntu 12.10. (CVE-2012-5624)
Stephen Cheng discovered that Qt may report incorrect errors when ssl
certificate verification fails. (CVE-2012-6093)
Tim Brown and Mark Lowe discovered that Qt incorrectly used weak
permissions on shared memory segments. A local attacker could use this
issue to view sensitive information, or modify program data belonging to
other users. (CVE-2013-0254)";
tag_affected = "qt4-x11 on Ubuntu 12.10 ,
Ubuntu 12.04 LTS ,
Ubuntu 11.10 ,
Ubuntu 10.04 LTS";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name: "URL" , value: "http://www.ubuntu.com/usn/usn-1723-1/");
script_id(841319);
script_version("$Revision: 7958 $");
script_tag(name:"last_modification", value:"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $");
script_tag(name:"creation_date", value:"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)");
script_cve_id("CVE-2012-5624", "CVE-2012-6093", "CVE-2013-0254");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_xref(name: "USN", value: "1723-1");
script_name("Ubuntu Update for qt4-x11 USN-1723-1");
script_summary("Check for the Version of qt4-x11");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2013 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-deb.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.8.1-0ubuntu4.4", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.8.1-0ubuntu4.4", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.7.4-0ubuntu8.3", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.7.4-0ubuntu8.3", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.6.2-0ubuntu5.6", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.6.2-0ubuntu5.6", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "UBUNTU12.10")
{
if ((res = isdpkgvuln(pkg:"libqt4-core", ver:"4:4.8.3+dfsg-0ubuntu3.1", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"libqt4-network", ver:"4:4.8.3+dfsg-0ubuntu3.1", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
{"bulletinFamily": "scanner", "viewCount": 0, "naslFamily": "Ubuntu Local Security Checks", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["http://www.ubuntu.com/usn/usn-1723-1/", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "modified", "hash": "4177cfab30bf9f48767b3f5f7a715513"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "references", "hash": "b6ec90ce9bc66e205aac16e345443bda"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "sourceData", "hash": "2df22ed17f66640a50bc028711af54ec"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}], "href": "http://plugins.openvas.org/nasl.php?oid=841319", "modified": "2017-12-01T00:00:00", "objectVersion": "1.3", "enchantments": {"vulnersScore": 7.2}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "hash": "f1c50f187c5a13b37aea9b77d0d1e7fd05eba655439a63e22cb21bc6e0ab3dba", "edition": 3, "published": "2013-02-15T00:00:00", "type": "openvas", "history": [{"lastseen": "2017-07-25T10:52:12", "bulletin": {"hash": "45e262e43aba7292d798267b553d8c1b0c62e5c79178b9c264fdf577d3b7c7f2", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "sourceData", "hash": "f5dceedff5b93b82bfd88e94d1ec6b4e"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "0d134bf170d66438eb1e01173ee0187f"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2017-07-10T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 2, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 6644 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:01:20 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-25T10:52:12", "pluginID": "841319"}, "differentElements": ["references", "modified", "sourceData"], "edition": 2}, {"lastseen": "2017-07-02T21:11:24", "bulletin": {"hash": "dd49492c691be6c408c1813ba505b84ae3b6888fcedf144e0833dd2f50c9b7d4", "viewCount": 0, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "references": ["https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html", "1723-1"], "description": "Check for the Version of qt4-x11", "hashmap": [{"key": "description", "hash": "713a52ec7e1634d247261f612ec90ada"}, {"key": "references", "hash": "9961609a03a791aa1a7a45014f951894"}, {"key": "href", "hash": "928a05c13d3bd1dd4f13fcaae62c0f45"}, {"key": "cvss", "hash": "3c236091754d2db00c1c42f811b3ada4"}, {"key": "cvelist", "hash": "85fc01096e8199a5e6dd9f754b4dd352"}, {"key": "sourceData", "hash": "2472c4603a7a7fa8df6d8e933961b2f2"}, {"key": "pluginID", "hash": "a0f69727a553f460b16357a71c8c8e26"}, {"key": "reporter", "hash": "1a99a5f9a50e5bac3b749d8558d5e46b"}, {"key": "type", "hash": "47c1f692ea47a21f716dad07043ade01"}, {"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "published", "hash": "29096c7944807b6a6c6ec6e61656dad5"}, {"key": "naslFamily", "hash": "c9b7d00377a789a14c9bb9dab6c7168c"}, {"key": "title", "hash": "1fe35b08e35ddccd2a7d0e4c9192bc6f"}, {"key": "modified", "hash": "7051729c0f7d59754d3ea03444ffd611"}], "naslFamily": "Ubuntu Local Security Checks", "modified": "2016-03-24T00:00:00", "objectVersion": "1.3", "href": "http://plugins.openvas.org/nasl.php?oid=841319", "published": "2013-02-15T00:00:00", "enchantments": {}, "id": "OPENVAS:841319", "title": "Ubuntu Update for qt4-x11 USN-1723-1", "bulletinFamily": "scanner", "edition": 1, "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://lists.ubuntu.com/archives/ubuntu-security-announce/2013-February/001995.html\");\n script_id(841319);\n script_version(\"$Revision: 2930 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-03-24 09:09:53 +0100 (Thu, 24 Mar 2016) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\", \"HostDetails/OS/cpe:/o:canonical:ubuntu_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "type": "openvas", "history": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-07-02T21:11:24", "pluginID": "841319"}, "differentElements": ["modified", "sourceData"], "edition": 1}], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2017-12-04T11:22:26", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1723_1.nasl 7958 2017-12-01 06:47:47Z santu $\n#\n# Ubuntu Update for qt4-x11 USN-1723-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting\n requests from http to file schemes. If an attacker were able to perform a\n man-in-the-middle attack, this flaw could be exploited to view sensitive\n information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS,\n and Ubuntu 12.10. (CVE-2012-5624)\n\n Stephen Cheng discovered that Qt may report incorrect errors when ssl\n certificate verification fails. (CVE-2012-6093)\n \n Tim Brown and Mark Lowe discovered that Qt incorrectly used weak\n permissions on shared memory segments. A local attacker could use this\n issue to view sensitive information, or modify program data belonging to\n other users. (CVE-2013-0254)\";\n\n\ntag_affected = \"qt4-x11 on Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1723-1/\");\n script_id(841319);\n script_version(\"$Revision: 7958 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:47:47 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-02-15 11:25:30 +0530 (Fri, 15 Feb 2013)\");\n script_cve_id(\"CVE-2012-5624\", \"CVE-2012-6093\", \"CVE-2013-0254\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"USN\", value: \"1723-1\");\n script_name(\"Ubuntu Update for qt4-x11 USN-1723-1\");\n\n script_summary(\"Check for the Version of qt4-x11\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.1-0ubuntu4.4\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.7.4-0ubuntu8.3\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.6.2-0ubuntu5.6\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libqt4-core\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libqt4-network\", ver:\"4:4.8.3+dfsg-0ubuntu3.1\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "pluginID": "841319"}
{"result": {"cve": [{"id": "CVE-2013-0254", "type": "cve", "title": "CVE-2013-0254", "description": "The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.", "published": "2013-02-06T07:05:43", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0254", "cvelist": ["CVE-2013-0254"], "lastseen": "2016-09-03T17:51:41"}, {"id": "CVE-2012-5624", "type": "cve", "title": "CVE-2012-5624", "description": "The XMLHttpRequest object in Qt before 4.8.4 enables http redirection to the file scheme, which allows man-in-the-middle attackers to force the read of arbitrary local files and possibly obtain sensitive information via a file: URL to a QML application.", "published": "2013-02-24T14:55:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5624", "cvelist": ["CVE-2012-5624"], "lastseen": "2016-09-03T17:17:35"}, {"id": "CVE-2012-6093", "type": "cve", "title": "CVE-2012-6093", "description": "The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an \"incompatible structure layout\" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.", "published": "2013-02-24T14:55:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6093", "cvelist": ["CVE-2012-6093"], "lastseen": "2016-09-03T17:22:21"}], "nessus": [{"id": "FEDORA_2013-2041.NASL", "type": "nessus", "title": "Fedora 18 : qt-4.8.4-11.fc18 (2013-2041)", "description": "it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-02-13T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64603", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:43:31"}, {"id": "OPENSUSE-2013-179.NASL", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0403-1)", "description": "libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).", "published": "2014-06-13T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74917", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:35:57"}, {"id": "CENTOS_RHSA-2013-0669.NASL", "type": "nessus", "title": "CentOS 6 : qt (CESA-2013:0669)", "description": "Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "published": "2013-03-24T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65661", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:33:25"}, {"id": "ORACLELINUX_ELSA-2013-0669.NASL", "type": "nessus", "title": "Oracle Linux 6 : qt (ELSA-2013-0669)", "description": "From Red Hat Security Advisory 2013:0669 :\n\nUpdated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "published": "2013-07-12T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=68795", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:39:00"}, {"id": "REDHAT-RHSA-2013-0669.NASL", "type": "nessus", "title": "RHEL 6 : qt (RHSA-2013:0669)", "description": "Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nQt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System.\n\nIt was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Qt libraries must be restarted for this update to take effect.", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65652", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:38:06"}, {"id": "OPENSUSE-2013-178.NASL", "type": "nessus", "title": "openSUSE Security Update : libqt4 (openSUSE-SU-2013:0404-1)", "description": "libqt4 was updated to fix a information disclosure via QSharedMemory (CVE-2013-0254).", "published": "2014-06-13T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=74916", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:42:53"}, {"id": "SL_20130321_QT_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : qt on SL6.x i386/x86_64", "description": "It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment. (CVE-2013-0254)\n\nAll running applications linked against Qt libraries must be restarted for this update to take effect.", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65654", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:39:47"}, {"id": "FEDORA_2013-1997.NASL", "type": "nessus", "title": "Fedora 17 : qt-4.8.4-11.fc17 (2013-1997)", "description": "it fixes security flaw was found in the way QSharedMemory class, CVE-2013-0254\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-02-25T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=64868", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-29T13:39:13"}, {"id": "SUSE_11_LIBQTWEBKIT-DEVEL-130302.NASL", "type": "nessus", "title": "SuSE 11.2 Security Update : libqt4 (SAT Patch Number 7441)", "description": "libqt4 has been updated to fix several security issues.\n\n - An information disclosure via QSharedMemory was fixed which allowed local attackers to read information (e.g.\n bitmap content) from the attacked user. (CVE-2013-0254)\n\n - openssl-incompatibility-fix.diff: Fix wrong error reporting when using a binary incompatible version of openSSL. (bnc#797006, CVE-2012-6093)\n\n - Various compromised SSL root certificates were blacklisted. Also a non-security bugfix has been applied :\n\n - Add fix for qdbusviewer not matching args (bnc#784197)", "published": "2013-03-15T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=65568", "cvelist": ["CVE-2013-0254", "CVE-2012-6093"], "lastseen": "2017-10-29T13:39:53"}, {"id": "GENTOO_GLSA-201311-14.NASL", "type": "nessus", "title": "GLSA-201311-14 : QtCore, QtGui: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201311-14 (QtCore, QtGui: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in QtCore and QtGui.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections.\n Workaround :\n\n There is no known workaround at this time.", "published": "2013-11-25T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=71073", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "lastseen": "2017-10-29T13:37:08"}], "openvas": [{"id": "OPENVAS:1361412562310870969", "type": "openvas", "title": "RedHat Update for qt RHSA-2013:0669-01", "description": "Check for the Version of qt", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870969", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-04-06T11:21:00"}, {"id": "OPENVAS:1361412562310881696", "type": "openvas", "title": "CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 ", "description": "Check for the Version of phonon-backend-gstreamer", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881696", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-04-09T11:24:08"}, {"id": "OPENVAS:865355", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-2041", "description": "Check for the Version of qt", "published": "2013-02-15T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=865355", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-02-05T11:10:21"}, {"id": "OPENVAS:1361412562310123656", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2013-0669", "description": "Oracle Linux Local Security Checks ELSA-2013-0669", "published": "2015-10-06T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123656", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-07-24T12:52:21"}, {"id": "OPENVAS:881696", "type": "openvas", "title": "CentOS Update for phonon-backend-gstreamer CESA-2013:0669 centos6 ", "description": "Check for the Version of phonon-backend-gstreamer", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=881696", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-07-25T10:52:02"}, {"id": "OPENVAS:870969", "type": "openvas", "title": "RedHat Update for qt RHSA-2013:0669-01", "description": "Check for the Version of qt", "published": "2013-03-22T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=870969", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-01-26T11:09:26"}, {"id": "OPENVAS:1361412562310865355", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-2041", "description": "Check for the Version of qt", "published": "2013-02-15T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865355", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-04-06T11:21:09"}, {"id": "OPENVAS:865392", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-1997", "description": "Check for the Version of qt", "published": "2013-03-01T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=865392", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-07-25T10:51:53"}, {"id": "OPENVAS:1361412562310865392", "type": "openvas", "title": "Fedora Update for qt FEDORA-2013-1997", "description": "Check for the Version of qt", "published": "2013-03-01T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310865392", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-04-09T11:23:31"}, {"id": "OPENVAS:1361412562310121073", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201311-14", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201311-14", "published": "2015-09-29T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121073", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "lastseen": "2018-04-09T11:28:08"}], "centos": [{"id": "CESA-2013:0669", "type": "centos", "title": "phonon, qt security update", "description": "**CentOS Errata and Security Advisory** CESA-2013:0669\n\n\nQt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2013-March/019662.html\n\n**Affected packages:**\nphonon-backend-gstreamer\nqt\nqt-demos\nqt-devel\nqt-doc\nqt-examples\nqt-mysql\nqt-odbc\nqt-postgresql\nqt-sqlite\nqt-x11\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2013-0669.html", "published": "2013-03-21T22:39:15", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2013-March/019662.html", "cvelist": ["CVE-2013-0254"], "lastseen": "2017-10-03T18:25:53"}], "redhat": [{"id": "RHSA-2013:0669", "type": "redhat", "title": "(RHSA-2013:0669) Moderate: qt security update", "description": "Qt is a software toolkit that simplifies the task of writing and\nmaintaining GUI (Graphical User Interface) applications for the X Window\nSystem.\n\nIt was discovered that the QSharedMemory class implementation of the Qt\ntoolkit created shared memory segments with insecure permissions. A local\nattacker could use this flaw to read or alter the contents of a particular\nshared memory segment, possibly leading to their ability to obtain\nsensitive information or influence the behavior of a process that is using\nthe shared memory segment. (CVE-2013-0254)\n\nRed Hat would like to thank the Qt project for reporting this issue.\nUpstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer\nSecurity Ltd. as the original reporters.\n\nUsers of Qt should upgrade to these updated packages, which contain a\nbackported patch to correct this issue. All running applications linked\nagainst Qt libraries must be restarted for this update to take effect.\n", "published": "2013-03-21T04:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2013:0669", "cvelist": ["CVE-2013-0254"], "lastseen": "2018-06-06T18:05:33"}], "oraclelinux": [{"id": "ELSA-2013-0669", "type": "oraclelinux", "title": "qt security update", "description": "[1:4.6.2-26]\n- Resolves: CVE-2013-0254, QSharedMemory class created shared memory segments with insecure permissions", "published": "2013-03-21T00:00:00", "cvss": {"score": 3.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2013-0669.html", "cvelist": ["CVE-2013-0254"], "lastseen": "2016-09-04T11:16:45"}], "gentoo": [{"id": "GLSA-201311-14", "type": "gentoo", "title": "QtCore, QtGui: Multiple vulnerabilities", "description": "### Background\n\nThe Qt toolkit is a comprehensive C++ application development framework.\n\n### Description\n\nMultiple vulnerabilities have been discovered in QtCore and QtGui. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file with an application linked against QtCore or QtGui, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Furthermore, a remote attacker might employ a specially crafted certificate to conduct man-in-the-middle attacks on SSL connections. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll QtCore users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtcore-4.8.4-r2\"\n \n\nAll QtGui users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-qt/qtgui-4.8.4-r1\"\n \n\nPackages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.", "published": "2013-11-22T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201311-14", "cvelist": ["CVE-2013-0254", "CVE-2011-3193"], "lastseen": "2016-09-06T19:46:25"}], "ubuntu": [{"id": "USN-1723-1", "type": "ubuntu", "title": "Qt vulnerabilities", "description": "Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. (CVE-2012-5624)\n\nStephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. (CVE-2012-6093)\n\nTim Brown and Mark Lowe discovered that Qt incorrectly used weak permissions on shared memory segments. A local attacker could use this issue to view sensitive information, or modify program data belonging to other users. (CVE-2013-0254)", "published": "2013-02-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://usn.ubuntu.com/1723-1/", "cvelist": ["CVE-2013-0254", "CVE-2012-5624", "CVE-2012-6093"], "lastseen": "2018-03-29T18:20:49"}], "debian": [{"id": "DLA-210", "type": "debian", "title": "qt4-x11 -- LTS security update", "description": "This update fixes multiple security issues in the Qt library.\n\n * [CVE-2013-0254](<https://security-tracker.debian.org/tracker/CVE-2013-0254>)\n\nThe QSharedMemory class uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.\n\n * [CVE-2015-0295](<https://security-tracker.debian.org/tracker/CVE-2015-0295>) / [CVE-2015-1858](<https://security-tracker.debian.org/tracker/CVE-2015-1858>) / [CVE-2015-1859](<https://security-tracker.debian.org/tracker/CVE-2015-1859>) / [CVE-2015-1860](<https://security-tracker.debian.org/tracker/CVE-2015-1860>)\n\nDenial of service (via segmentation faults) through crafted images (BMP, GIF, ICO).", "published": "2015-04-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-210", "cvelist": ["CVE-2013-0254", "CVE-2015-1858", "CVE-2015-1859", "CVE-2015-0295", "CVE-2015-1860"], "lastseen": "2016-09-02T12:56:41"}]}}
