ID CVE-2007-3388
Summary Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
References
Vulnerable Configurations
  • cpe:2.3:a:trolltech:qt:3.3.7
CVSS
Base: 6.8 (as of 06-08-2007 - 09:59)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200708-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200708-16 (Qt: Multiple format string vulnerabilities) Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE reported multiple format string errors in qWarning() calls in files qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp, qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp. Impact : An attacker could trigger one of the vulnerabilities by causing a Qt application to parse specially crafted text, which may lead to the execution of arbitrary code. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 25944
    published 2007-08-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25944
    title GLSA-200708-16 : Qt: Multiple format string vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-2216.NASL
    description - Mon Sep 17 2007 Than Ngo - 1:3.3.8-7 - bz292941, CVE-2007-4137 - Wed Aug 29 2007 Than Ngo - 1:3.3.8-6.fc7.1 - cleanup security patch - Tue Aug 28 2007 Than Ngo - 1:3.3.8-6.fc7 - CVE-2007-3388 qt3 format string flaw - Thu Jun 14 2007 Than Ngo - 1:3.3.8-5.fc7.1 - backport to fix #bz243722, bz#244148, Applications using qt-mysql crash if database is removed before QApplication is destroyed - Mon Apr 23 2007 Than Ngo - 1:3.3.8-5.fc7 - apply patch to fix fontrendering problem in gu_IN #228451,#228452 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 27760
    published 2007-11-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27760
    title Fedora 7 : qt-3.3.8-7.fc7 (2007-2216)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2007-222-03.NASL
    description New qt packages are available for Slackware 10.2, 11.0, and 12.0 to fix format string errors.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 25846
    published 2007-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25846
    title Slackware 10.2 / 11.0 / 12.0 : qt (SSA:2007-222-03)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-495-1.NASL
    description Several format string vulnerabilities have been discovered in Qt warning messages. By causing an application to process specially crafted input data which triggered Qt warnings, this could be exploited to execute arbitrary code with the privilege of the user running the application. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28097
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28097
    title Ubuntu 6.06 LTS / 6.10 / 7.04 : qt-x11-free vulnerability (USN-495-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_QT3-3898.NASL
    description Format string bugs in QTextEdit can be exploited via specially crafted HTML tags to potentially execute code. (CVE-2007-3388)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29565
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29565
    title SuSE 10 Security Update : Qt3 (ZYPP Patch Number 3898)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0721.NASL
    description Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Several format string flaws were found in Qt error message handling. If an application linked against Qt created an error message from user-supplied data in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-3388) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. Red Hat would like to acknowledge Tim Brown of Portcullis Computer Security and Dirk Mueller for these issues.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 25828
    published 2007-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25828
    title RHEL 3 / 4 / 5 : qt (RHSA-2007:0721)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2007-703.NASL
    description - Mon Sep 17 2007 Than Ngo - 1:3.3.8-2.fc6 - bz292951, CVE-2007-4137 - Wed Aug 29 2007 Than Ngo - 1:3.3.8-1.fc6.1 - CVE-2007-3388 qt format string flaw - bz#234635, CVE-2007-0242 qt UTF8 improper character expansion Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 26083
    published 2007-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=26083
    title Fedora Core 6 : qt-3.3.8-2.fc6 (2007-703)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0721.NASL
    description Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Several format string flaws were found in Qt error message handling. If an application linked against Qt created an error message from user-supplied data in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-3388) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. Red Hat would like to acknowledge Tim Brown of Portcullis Computer Security and Dirk Mueller for these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 38130
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38130
    title CentOS 3 / 4 / 5 : qt (CESA-2007:0721)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-151.NASL
    description A number of format string flaws have been discovered in how Qt handled error messages by Dirk Mueller and Tim Brown of Portcullis Computer Security. If an application linked against Qt created an error message from user-supplied data in a certain way, it could possibly lead to the execution of arbitrary code or a denial of service. This update provides packages which are patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 25835
    published 2007-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25835
    title Mandrake Linux Security Advisory : qt3 (MDKSA-2007:151)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_QT3-3899.NASL
    description Format string bugs in QTextEdit can be exploited via specially crafted HTML tags to potentially execute code (CVE-2007-3388).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27414
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27414
    title openSUSE 10 Security Update : qt3 (qt3-3899)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20070731_QT_ON_SL5_X.NASL
    description Several format string flaws were found in Qt error message handling. If an application linked against Qt created an error message from user-supplied data in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-3388)
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 60237
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60237
    title Scientific Linux Security Update : qt on SL5.x, SL4.x, SL3.x i386/x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0721.NASL
    description From Red Hat Security Advisory 2007:0721 : Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications for the X Window System. Several format string flaws were found in Qt error message handling. If an application linked against Qt created an error message from user-supplied data in a certain way, it could lead to a denial of service or possibly allow the execution of arbitrary code. (CVE-2007-3388) Users of Qt should upgrade to these updated packages, which contain a backported patch to correct these issues. Red Hat would like to acknowledge Tim Brown of Portcullis Computer Security and Dirk Mueller for these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67545
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67545
    title Oracle Linux 3 / 4 / 5 : qt (ELSA-2007-0721)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1426.NASL
    description Several local/remote vulnerabilities have been discovered in the Qt GUI library. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-3388 Tim Brown and Dirk Muller discovered several format string vulnerabilities in the handling of error messages, which might lead to the execution of arbitrary code. - CVE-2007-4137 Dirk Muller discovered an off-by-one buffer overflow in the Unicode handling, which might lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 29261
    published 2007-12-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29261
    title Debian DSA-1426-1 : qt-x11-free - several vulnerabilities
oval via4
accepted 2013-04-29T04:21:22.685-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
family unix
id oval:org.mitre.oval:def:9690
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) qdatatable.cpp, (3) qsqldatabase.cpp, (4) qsqlindex.cpp, (5) qsqlrecord.cpp, (6) qglobal.cpp, and (7) qsvgdevice.cpp in QTextEdit in Trolltech Qt 3 before 3.3.8 20070727 allow remote attackers to execute arbitrary code via format string specifiers in text used to compose an error message.
version 24
redhat via4
advisories
bugzilla
id 248417
title CVE-2007-3388 qt3 format string flaw
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment qt is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721002
        • comment qt is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725003
      • AND
        • comment qt-MySQL is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721008
        • comment qt-MySQL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725005
      • AND
        • comment qt-ODBC is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721012
        • comment qt-ODBC is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725013
      • AND
        • comment qt-config is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721010
        • comment qt-config is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725009
      • AND
        • comment qt-designer is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721004
        • comment qt-designer is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725007
      • AND
        • comment qt-devel is earlier than 1:3.1.2-16.RHEL3
          oval oval:com.redhat.rhsa:tst:20070721006
        • comment qt-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725011
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment qt is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721015
        • comment qt is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725003
      • AND
        • comment qt-MySQL is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721017
        • comment qt-MySQL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725005
      • AND
        • comment qt-ODBC is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721022
        • comment qt-ODBC is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725013
      • AND
        • comment qt-PostgreSQL is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721019
        • comment qt-PostgreSQL is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725017
      • AND
        • comment qt-config is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721021
        • comment qt-config is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725009
      • AND
        • comment qt-designer is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721018
        • comment qt-designer is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725007
      • AND
        • comment qt-devel is earlier than 1:3.3.3-11.RHEL4
          oval oval:com.redhat.rhsa:tst:20070721016
        • comment qt-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060725011
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment qt is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721024
        • comment qt is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721025
      • AND
        • comment qt-MySQL is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721034
        • comment qt-MySQL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721035
      • AND
        • comment qt-ODBC is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721026
        • comment qt-ODBC is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721027
      • AND
        • comment qt-PostgreSQL is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721032
        • comment qt-PostgreSQL is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721033
      • AND
        • comment qt-config is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721028
        • comment qt-config is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721029
      • AND
        • comment qt-designer is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721030
        • comment qt-designer is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721031
      • AND
        • comment qt-devel is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721038
        • comment qt-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721039
      • AND
        • comment qt-devel-docs is earlier than 1:3.3.6-21.el5
          oval oval:com.redhat.rhsa:tst:20070721036
        • comment qt-devel-docs is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070721037
rhsa
id RHSA-2007:0721
released 2007-07-31
severity Moderate
title RHSA-2007:0721: qt security update (Moderate)
rpms
  • qt-1:3.1.2-16.RHEL3
  • qt-MySQL-1:3.1.2-16.RHEL3
  • qt-ODBC-1:3.1.2-16.RHEL3
  • qt-config-1:3.1.2-16.RHEL3
  • qt-designer-1:3.1.2-16.RHEL3
  • qt-devel-1:3.1.2-16.RHEL3
  • qt-1:3.3.3-11.RHEL4
  • qt-MySQL-1:3.3.3-11.RHEL4
  • qt-ODBC-1:3.3.3-11.RHEL4
  • qt-PostgreSQL-1:3.3.3-11.RHEL4
  • qt-config-1:3.3.3-11.RHEL4
  • qt-designer-1:3.3.3-11.RHEL4
  • qt-devel-1:3.3.3-11.RHEL4
  • qt-1:3.3.6-21.el5
  • qt-MySQL-1:3.3.6-21.el5
  • qt-ODBC-1:3.3.6-21.el5
  • qt-PostgreSQL-1:3.3.6-21.el5
  • qt-config-1:3.3.6-21.el5
  • qt-designer-1:3.3.6-21.el5
  • qt-devel-1:3.3.6-21.el5
  • qt-devel-docs-1:3.3.6-21.el5
refmap via4
bid 25154
bugtraq 20070803 FLEA-2007-0042-1 qt
confirm
debian DSA-1426
fedora
  • FEDORA-2007-2216
  • FEDORA-2007-703
gentoo
  • GLSA-200708-16
  • GLSA-200710-28
  • GLSA-200712-08
mandriva MDKSA-2007:151
sectrack 1018485
secunia
  • 24460
  • 26264
  • 26284
  • 26291
  • 26295
  • 26298
  • 26306
  • 26385
  • 26607
  • 26804
  • 26852
  • 26882
  • 27996
  • 28021
sgi 20070801-01-P
slackware SSA:2007-222-03
suse SUSE-SA:2007:048
ubuntu USN-495-1
vupen ADV-2007-2733
Last major update 07-03-2011 - 21:56
Published 03-08-2007 - 16:17
Last modified 16-10-2018 - 12:49