ID CVE-2009-1698
Summary WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
References
Vulnerable Configurations
  • Apple Safari 2.0
    cpe:2.3:a:apple:safari:2.0
  • Apple Safari 2.0.0
    cpe:2.3:a:apple:safari:2.0.0
  • Apple Safari 2.0.1
    cpe:2.3:a:apple:safari:2.0.1
  • Apple Safari 2.0.2
    cpe:2.3:a:apple:safari:2.0.2
  • Apple Safari 2.0.3
    cpe:2.3:a:apple:safari:2.0.3
  • Apple Safari 2.0.3 417.8
    cpe:2.3:a:apple:safari:2.0.3:417.8
  • Apple Safari 2.0.3 417.9
    cpe:2.3:a:apple:safari:2.0.3:417.9
  • Apple Safari 2.0.3 417.9.2
    cpe:2.3:a:apple:safari:2.0.3:417.9.2
  • Apple Safari 2.0.3 417.9.3
    cpe:2.3:a:apple:safari:2.0.3:417.9.3
  • Apple Safari 2.0.4
    cpe:2.3:a:apple:safari:2.0.4
  • Apple Safari 3.0
    cpe:2.3:a:apple:safari:3.0
  • Apple Safari 3.0.0
    cpe:2.3:a:apple:safari:3.0.0
  • Apple Safari 3.0.0b
    cpe:2.3:a:apple:safari:3.0.0b
  • Apple Safari 3.0.1
    cpe:2.3:a:apple:safari:3.0.1
  • Apple Safari 3.0.1 Beta
    cpe:2.3:a:apple:safari:3.0.1:beta
  • Apple Safari 3.0.1b
    cpe:2.3:a:apple:safari:3.0.1b
  • Apple Safari 3.0.2
    cpe:2.3:a:apple:safari:3.0.2
  • Apple Safari 3.0.2b
    cpe:2.3:a:apple:safari:3.0.2b
  • Apple Safari 3.0.3
    cpe:2.3:a:apple:safari:3.0.3
  • Apple Safari 3.0.3b
    cpe:2.3:a:apple:safari:3.0.3b
  • Apple Safari 3.0.4
    cpe:2.3:a:apple:safari:3.0.4
  • Apple Safari 3.0.4b
    cpe:2.3:a:apple:safari:3.0.4b
  • Apple Safari 3.1.0
    cpe:2.3:a:apple:safari:3.1.0
  • Apple Safari 3.1.0b
    cpe:2.3:a:apple:safari:3.1.0b
  • Apple Safari 3.1.1
    cpe:2.3:a:apple:safari:3.1.1
  • Apple Safari 3.1.2
    cpe:2.3:a:apple:safari:3.1.2
  • Apple Safari 3.2.0
    cpe:2.3:a:apple:safari:3.2.0
  • Apple Safari 3.2.1
    cpe:2.3:a:apple:safari:3.2.1
  • Apple Safari 3.2.2
    cpe:2.3:a:apple:safari:3.2.2
  • Apple iPhone OS 1.0.0
    cpe:2.3:o:apple:iphone_os:1.0.0
  • Apple iPhone OS 1.0.1
    cpe:2.3:o:apple:iphone_os:1.0.1
  • Apple iPhone OS 1.0.2
    cpe:2.3:o:apple:iphone_os:1.0.2
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPhone
    cpe:2.3:h:apple:iphone
  • Apple iPhone OS 1.1.0
    cpe:2.3:o:apple:iphone_os:1.1.0
  • Apple iPhone OS 1.1.1
    cpe:2.3:o:apple:iphone_os:1.1.1
  • Apple iPhone OS 1.1.2
    cpe:2.3:o:apple:iphone_os:1.1.2
  • Apple iPhone OS 1.1.3
    cpe:2.3:o:apple:iphone_os:1.1.3
  • Apple iPhone OS 1.1.4
    cpe:2.3:o:apple:iphone_os:1.1.4
  • Apple iPhone OS 1.1.5
    cpe:2.3:o:apple:iphone_os:1.1.5
  • Apple iPhone OS 2.0
    cpe:2.3:o:apple:iphone_os:2.0
  • Apple iPhone OS 2.0.0
    cpe:2.3:o:apple:iphone_os:2.0.0
  • Apple iPhone OS 2.0.1
    cpe:2.3:o:apple:iphone_os:2.0.1
  • Apple iPhone OS 2.0.2
    cpe:2.3:o:apple:iphone_os:2.0.2
  • Apple iPhone OS 2.1
    cpe:2.3:o:apple:iphone_os:2.1
  • Apple iPhone OS 2.1.1
    cpe:2.3:o:apple:iphone_os:2.1.1
  • Apple iPhone OS 2.2
    cpe:2.3:o:apple:iphone_os:2.2
  • Apple iPhone OS 2.2.1
    cpe:2.3:o:apple:iphone_os:2.2.1
  • Apple iPod Touch
    cpe:2.3:h:apple:ipod_touch
CVSS
Base: 9.3 (as of 10-06-2009 - 19:20)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8049.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40414
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40414
    title Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-836-1.NASL
    description It was discovered that WebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the WebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that WebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 41606
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41606
    title Ubuntu 8.10 / 9.04 : webkit vulnerabilities (USN-836-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-822-1.NASL
    description It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945) It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687) It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1690) It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1698). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 40767
    published 2009-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40767
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : kde4libs, kdelibs vulnerabilities (USN-822-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1128.NASL
    description Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 39530
    published 2009-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39530
    title RHEL 3 : kdelibs (RHSA-2009:1128)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1988.NASL
    description Several vulnerabilities have been discovered in qt4-x11, a cross-platform C++ application framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code. - CVE-2009-1687 The JavaScript garbage collector in WebKit, as used in qt4-x11 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer. - CVE-2009-1690 Use-after-free vulnerability in WebKit, as used in qt4-x11, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs. - CVE-2009-1698 WebKit in qt4-x11 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1699 The XSL stylesheet implementation in WebKit, as used in qt4-x11 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD. - CVE-2009-1711 WebKit in qt4-x11 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. - CVE-2009-1712 WebKit in qt4-x11 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. - CVE-2009-1713 The XSLT functionality in WebKit, as used in qt4-x11 does not properly implement the document function, which allows remote attackers to read arbitrary local files and files from different security zones. - CVE-2009-1725 WebKit in qt4-x11 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-2700 qt4-x11 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. The oldstable distribution (etch) is not affected by these problems.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44852
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44852
    title Debian DSA-1988-1 : qt4-x11 - several vulnerabilities
  • NASL family Windows
    NASL id SAFARI_4.0.NASL
    description The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 39339
    published 2009-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39339
    title Safari < 4.0 Multiple Vulnerabilities
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090625_KDELIBS_ON_SL3_X.NASL
    description A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60605
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60605
    title Scientific Linux Security Update : kdelibs on SL3.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1950.NASL
    description Several vulnerabilities have been discovered in WebKit, a Web content engine library for Gtk+. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-0945 Array index error in the insertItemBefore method in WebKit, allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the SVGTransformList, SVGStringList, SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object, which triggers memory corruption. - CVE-2009-1687 The JavaScript garbage collector in WebKit does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an 'offset of a NULL pointer.' - CVE-2009-1690 Use-after-free vulnerability in WebKit, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to 'recursion in certain DOM event handlers.' - CVE-2009-1698 WebKit does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1711 WebKit does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document. - CVE-2009-1712 WebKit does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element. - CVE-2009-1725 WebKit do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document. - CVE-2009-1714 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes. - CVE-2009-1710 WebKit allows remote attackers to spoof the browser's display of the host name, security indicators, and unspecified other UI elements via a custom cursor in conjunction with a modified CSS3 hotspot property. - CVE-2009-1697 CRLF injection vulnerability in WebKit allows remote attackers to inject HTTP headers and bypass the Same Origin Policy via a crafted HTML document, related to cross-site scripting (XSS) attacks that depend on communication with arbitrary websites on the same server through use of XMLHttpRequest without a Host header. - CVE-2009-1695 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition. - CVE-2009-1693 WebKit allows remote attackers to read images from arbitrary websites via a CANVAS element with an SVG image, related to a 'cross-site image capture issue.' - CVE-2009-1694 WebKit does not properly handle redirects, which allows remote attackers to read images from arbitrary websites via vectors involving a CANVAS element and redirection, related to a 'cross-site image capture issue.' - CVE-2009-1681 WebKit does not prevent websites from loading third-party content into a subframe, which allows remote attackers to bypass the Same Origin Policy and conduct 'clickjacking' attacks via a crafted HTML document. - CVE-2009-1684 Cross-site scripting (XSS) vulnerability in WebKit allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document. - CVE-2009-1692 WebKit allows remote attackers to cause a denial of service (memory consumption or device reset) via a web page containing an HTMLSelectElement object with a large length attribute, related to the length property of a Select object.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44815
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44815
    title Debian DSA-1950-1 : webkit - several vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SAFARI4_0.NASL
    description The version of Apple Safari installed on the remote Mac OS X host is earlier than 4.0. As such, it is potentially affected by numerous issues in the following components : - CFNetwork - libxml - Safari - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 39338
    published 2009-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39338
    title Mac OS X : Apple Safari < 4.0
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-346.NASL
    description Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1 179,1180,1181,1182,1183 kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537 Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 43613
    published 2009-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43613
    title Mandriva Linux Security Advisory : kde (MDVSA-2009:346)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1128.NASL
    description Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 39524
    published 2009-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39524
    title CentOS 3 : kdelibs (CESA-2009:1128)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8046.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40413
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40413
    title Fedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1128.NASL
    description From Red Hat Security Advisory 2009:1128 : Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having important security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67883
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67883
    title Oracle Linux 3 : kdelibs (ELSA-2009-1128)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBWEBKIT-110111.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53764
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53764
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1127.NASL
    description Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML 'head' element. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43763
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43763
    title CentOS 5 : kdelibs (CESA-2009:1127)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_3_LIBWEBKIT-110104.NASL
    description Various bugs in webkit have been fixed. The CVE id's are : CVE-2009-0945, CVE-2009-1681, CVE-2009-1684, CVE-2009-1685, CVE-2009-1686, CVE-2009-1687, CVE-2009-1688, CVE-2009-1689, CVE-2009-1691, CVE-2009-1690, CVE-2009-1692, CVE-2009-1693, CVE-2009-1694, CVE-2009-1695, CVE-2009-1696, CVE-2009-1697, CVE-2009-1698, CVE-2009-1699, CVE-2009-1700, CVE-2009-1701, CVE-2009-1702, CVE-2009-1703, CVE-2009-1709, CVE-2009-1710, CVE-2009-1711, CVE-2009-1712, CVE-2009-1713, CVE-2009-1714, CVE-2009-1715, CVE-2009-1718, CVE-2009-1724, CVE-2009-1725, CVE-2009-2195, CVE-2009-2199, CVE-2009-2200, CVE-2009-2419, CVE-2009-2797, CVE-2009-2816, CVE-2009-2841, CVE-2009-3272, CVE-2009-3384, CVE-2009-3933, CVE-2009-3934, CVE-2010-0046, CVE-2010-0047, CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0315, CVE-2010-0647, CVE-2010-0051, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656, CVE-2010-0659, CVE-2010-0661, CVE-2010-1029, CVE-2010-1126, CVE-2010-1233, CVE-2010-1236, CVE-2010-1386, CVE-2010-1387, CVE-2010-1388, CVE-2010-1389, CVE-2010-1390, CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394, CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398, CVE-2010-1399, CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403, CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407, CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412, CVE-2010-1413, CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1729, CVE-2010-1749, CVE-2010-1757, CVE-2010-1758, CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1763, CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1769, CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788, CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792, CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1813, CVE-2010-1814, CVE-2010-1815, CVE-2010-1822, CVE-2010-1823, CVE-2010-1824, CVE-2010-1825, CVE-2010-2264, CVE-2010-2295, CVE-2010-2297, CVE-2010-2300, CVE-2010-2301, CVE-2010-2302, CVE-2010-2441, CVE-2010-3116, CVE-2010-3257, CVE-2010-3259, CVE-2010-3312, CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808, CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3812, CVE-2010-3813, CVE-2010-3816, CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820, CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824, CVE-2010-3826, CVE-2010-3829, CVE-2010-3900, CVE-2010-4040
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75629
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75629
    title openSUSE Security Update : libwebkit (openSUSE-SU-2011:0024-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8039.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40412
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40412
    title Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-857-1.NASL
    description It was discovered that QtWebKit did not properly handle certain SVGPathList data structures. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0945) Several flaws were discovered in the QtWebKit browser and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687, CVE-2009-1690, CVE-2009-1698, CVE-2009-1711, CVE-2009-1725) It was discovered that QtWebKit did not properly handle certain XSL stylesheets. If a user were tricked into viewing a malicious website, an attacker could exploit this to read arbitrary local files, and possibly files from different security zones. (CVE-2009-1699, CVE-2009-1713) It was discovered that QtWebKit did not prevent the loading of local Java applets. If a user were tricked into viewing a malicious website, an attacker could exploit this to execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1712). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 42467
    published 2009-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42467
    title Ubuntu 8.10 / 9.04 : qt4-x11 vulnerabilities (USN-857-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090625_KDELIBS_ON_SL4_X.NASL
    description A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML 'head' element. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687) The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60606
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60606
    title Scientific Linux Security Update : kdelibs on SL4.x, SL5.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1867.NASL
    description Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44732
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44732
    title Debian DSA-1867-1 : kdelibs - several vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1127.NASL
    description From Red Hat Security Advisory 2009:1127 : Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML 'head' element. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67882
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67882
    title Oracle Linux 4 / 5 : kdelibs (ELSA-2009-1127)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1127.NASL
    description Updated kdelibs packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS 'style' attribute. A remote attacker could create a specially crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML 'head' element. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 39529
    published 2009-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39529
    title RHEL 4 / 5 : kdelibs (RHSA-2009:1127)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_KDELIBS3-101104.NASL
    description The following vulnerabilities in kdelibs3's khtml subsystem have been fixed: CVE-2009-1690,CVE-2009-1687 and CVE-2009-1698.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 53666
    published 2011-05-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=53666
    title openSUSE Security Update : kdelibs3 (openSUSE-SU-2010:1034-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-027.NASL
    description Multiple vulnerabilities was discovered and corrected in kdelibs4 : KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '�' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. (CVE-2009-1687). WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1725). Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. (CVE-2009-1690). WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1698). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48170
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48170
    title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8020.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10's GCC 4.3.2), * moved Qt Designer plugins to the runtime package as they can be needed at runtime (e.g. by PyKDE programs), * kdelibs3-apidocs is now a noarch subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40411
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40411
    title Fedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1868.NASL
    description Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. - CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. The oldstable distribution (etch) does not contain kde4libs.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44733
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44733
    title Debian DSA-1868-1 : kde4libs - several vulnerabilities
oval via4
accepted 2013-04-29T04:19:41.867-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
family unix
id oval:org.mitre.oval:def:9484
status accepted
submitted 2010-07-09T03:56:16-04:00
title WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
version 24
redhat via4
advisories
  • bugzilla
    id 506469
    title attribute content (DoS, ACE)
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304001
      • OR
        • AND
          • comment kdelibs is earlier than 6:3.3.1-14.el4
            oval oval:com.redhat.rhsa:tst:20091127002
          • comment kdelibs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060720003
        • AND
          • comment kdelibs-devel is earlier than 6:3.3.1-14.el4
            oval oval:com.redhat.rhsa:tst:20091127004
          • comment kdelibs-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060720005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment kdelibs is earlier than 6:3.5.4-22.el5_3
            oval oval:com.redhat.rhsa:tst:20091127007
          • comment kdelibs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909008
        • AND
          • comment kdelibs-apidocs is earlier than 6:3.5.4-22.el5_3
            oval oval:com.redhat.rhsa:tst:20091127009
          • comment kdelibs-apidocs is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909012
        • AND
          • comment kdelibs-devel is earlier than 6:3.5.4-22.el5_3
            oval oval:com.redhat.rhsa:tst:20091127011
          • comment kdelibs-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070909010
    rhsa
    id RHSA-2009:1127
    released 2009-06-25
    severity Critical
    title RHSA-2009:1127: kdelibs security update (Critical)
  • bugzilla
    id 506469
    title attribute content (DoS, ACE)
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhba:tst:20070026001
    • OR
      • AND
        • comment kdelibs is earlier than 6:3.1.3-6.13
          oval oval:com.redhat.rhsa:tst:20091128002
        • comment kdelibs is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060720003
      • AND
        • comment kdelibs-devel is earlier than 6:3.1.3-6.13
          oval oval:com.redhat.rhsa:tst:20091128004
        • comment kdelibs-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060720005
    rhsa
    id RHSA-2009:1128
    released 2009-06-25
    severity Important
    title RHSA-2009:1128: kdelibs security update (Important)
rpms
  • kdelibs-6:3.3.1-14.el4
  • kdelibs-devel-6:3.3.1-14.el4
  • kdelibs-6:3.5.4-22.el5_3
  • kdelibs-apidocs-6:3.5.4-22.el5_3
  • kdelibs-devel-6:3.5.4-22.el5_3
  • kdelibs-6:3.1.3-6.13
  • kdelibs-devel-6:3.1.3-6.13
refmap via4
apple
  • APPLE-SA-2009-06-08-1
  • APPLE-SA-2009-06-17-1
bid
  • 35260
  • 35318
bugtraq
  • 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
  • 20090614 [TZO-37-2009] Apple Safari
confirm
debian DSA-1950
fedora
  • FEDORA-2009-8020
  • FEDORA-2009-8039
  • FEDORA-2009-8046
  • FEDORA-2009-8049
mandriva MDVSA-2009:330
misc
osvdb 55006
sectrack 1022345
secunia
  • 35379
  • 35588
  • 36057
  • 36062
  • 36790
  • 37746
  • 43068
suse SUSE-SR:2011:002
ubuntu
  • USN-822-1
  • USN-836-1
  • USN-857-1
vupen
  • ADV-2009-1522
  • ADV-2009-1621
  • ADV-2011-0212
Last major update 30-03-2012 - 00:00
Published 10-06-2009 - 14:00
Last modified 10-10-2018 - 15:37
Back to Top