ID CVE-2009-2537
Summary KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
References
Vulnerable Configurations
  • cpe:2.3:a:kde:konqueror
CVSS
Base: 4.3 (as of 21-07-2009 - 08:16)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
exploit-db via4
id EDB-ID:9160
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8049.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40414
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40414
    title Fedora 10 : kdelibs-4.2.4-6.fc10 (2009-8049)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-346.NASL
    description Mandriva Linux 2008.0 was released with KDE version 3.5.7. This update upgrades KDE in Mandriva Linux 2008.0 to version 3.5.10, which brings many bugfixes, overall improvements and many security fixes. kdegraphics contains security fixes for CVE-2009-3603,3604,3605,3606,3608,3609,0146,0147,0165,0166,0799,0800,1179,1180,1181,1182,1183. kdelibs contains security fixes for CVE-2009-0689,1687,1690,1698,2702,1725,2537. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 43613
    published 2009-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43613
    title Mandriva Linux Security Advisory : kde (MDVSA-2009:346)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8046.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40413
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40413
    title Fedora 11 : kdelibs3-3.5.10-13.fc11 (2009-8046)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-028.NASL
    description Multiple vulnerabilities were discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48171
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48171
    title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:028)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8039.NASL
    description This update fixes several security issues in KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet) work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU machines fail was fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40412
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40412
    title Fedora 11 : kdelibs-4.2.4-6.fc11 (2009-8039)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-027.NASL
    description Multiple vulnerabilities were discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. (CVE-2009-1687). WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1725). Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. (CVE-2009-1690). WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1698). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945). The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 48170
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48170
    title Mandriva Linux Security Advisory : kdelibs4 (MDVSA-2010:027)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-8020.NASL
    description This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, - fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10's GCC 4.3.2), * moved Qt Designer plugins to the runtime package as they can be needed at runtime (e.g. by PyKDE programs), * kdelibs3-apidocs is now a noarch subpackage. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 40411
    published 2009-07-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40411
    title Fedora 10 : kdelibs3-3.5.10-13.fc10 (2009-8020)
refmap via4
bugtraq
  • 20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
  • 20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
exploit-db 9160
fedora
  • FEDORA-2009-8020
  • FEDORA-2009-8039
  • FEDORA-2009-8046
  • FEDORA-2009-8049
mandriva MDVSA-2009:330
misc http://www.g-sec.lu/one-bug-to-rule-them-all.html
secunia
  • 36057
  • 36062
xf konqueror-integer-value-dos(52871)
statements via4
contributor Tomas Hoger
lastmodified 2009-08-07
organization Red Hat
statement Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue.
Last major update 19-12-2009 - 01:56
Published 20-07-2009 - 14:30
Last modified 10-10-2018 - 15:40