ID |
CVE-2006-4811
|
Summary |
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.5:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.6:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.3:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.4:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.1:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.2:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:kdelibs:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:kdelibs:3.1.3:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:3.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.3:*:*:*:*:*:*:*
-
cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:qt:qt:4.1.4:*:*:*:*:*:*:*
|
CVSS |
Base: | 6.8 (as of 16-06-2021 - 12:43) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-189 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:03:39.226-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
| description | Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | family | unix | id | oval:org.mitre.oval:def:10218 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted pixmap image. | version | 30 |
|
redhat
via4
|
advisories | bugzilla | id | 1618204 | title | CVE-2006-4811 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | kdelibs is earlier than 6:3.3.1-6.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060720001 |
comment | kdelibs is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060184002 |
|
AND | comment | kdelibs-devel is earlier than 6:3.3.1-6.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060720003 |
comment | kdelibs-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060184004 |
|
|
|
|
| rhsa | id | RHSA-2006:0720 | released | 2006-10-18 | severity | Critical | title | RHSA-2006:0720: kdelibs security update (Critical) |
|
bugzilla | id | 1618204 | title | CVE-2006-4811 security flaw |
| oval | OR | comment | Red Hat Enterprise Linux must be installed | oval | oval:com.redhat.rhba:tst:20070304026 |
AND | comment | Red Hat Enterprise Linux 4 is installed | oval | oval:com.redhat.rhba:tst:20070304025 |
OR | AND | comment | qt is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725001 |
comment | qt is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725002 |
|
AND | comment | qt-MySQL is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725003 |
comment | qt-MySQL is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725004 |
|
AND | comment | qt-ODBC is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725005 |
comment | qt-ODBC is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725006 |
|
AND | comment | qt-PostgreSQL is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725007 |
comment | qt-PostgreSQL is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725008 |
|
AND | comment | qt-config is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725009 |
comment | qt-config is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725010 |
|
AND | comment | qt-designer is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725011 |
comment | qt-designer is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725012 |
|
AND | comment | qt-devel is earlier than 1:3.3.3-10.RHEL4 | oval | oval:com.redhat.rhsa:tst:20060725013 |
comment | qt-devel is signed with Red Hat master key | oval | oval:com.redhat.rhsa:tst:20060725014 |
|
|
|
|
| rhsa | id | RHSA-2006:0725 | released | 2006-11-01 | severity | Moderate | title | RHSA-2006:0725: qt security update (Moderate) |
|
| rpms | - arts-6:2.2.2-21.EL2
- kdelibs-6:2.2.2-21.EL2
- kdelibs-6:3.1.3-6.12
- kdelibs-6:3.3.1-6.RHEL4
- kdelibs-debuginfo-6:3.1.3-6.12
- kdelibs-debuginfo-6:3.3.1-6.RHEL4
- kdelibs-devel-6:2.2.2-21.EL2
- kdelibs-devel-6:3.1.3-6.12
- kdelibs-devel-6:3.3.1-6.RHEL4
- kdelibs-sound-6:2.2.2-21.EL2
- kdelibs-sound-devel-6:2.2.2-21.EL2
- qt-1:2.3.1-12.EL2
- qt-1:3.1.2-14.RHEL3
- qt-1:3.3.3-10.RHEL4
- qt-MySQL-1:3.1.2-14.RHEL3
- qt-MySQL-1:3.3.3-10.RHEL4
- qt-ODBC-1:3.1.2-14.RHEL3
- qt-ODBC-1:3.3.3-10.RHEL4
- qt-PostgreSQL-1:3.3.3-10.RHEL4
- qt-Xt-1:2.3.1-12.EL2
- qt-config-1:3.1.2-14.RHEL3
- qt-config-1:3.3.3-10.RHEL4
- qt-debuginfo-1:3.1.2-14.RHEL3
- qt-debuginfo-1:3.3.3-10.RHEL4
- qt-designer-1:2.3.1-12.EL2
- qt-designer-1:3.1.2-14.RHEL3
- qt-designer-1:3.3.3-10.RHEL4
- qt-devel-1:2.3.1-12.EL2
- qt-devel-1:3.1.2-14.RHEL3
- qt-devel-1:3.3.3-10.RHEL4
- qt-static-1:2.3.1-12.EL2
|
|
refmap
via4
|
bid | 20599 | bugtraq | 20061018 rPSA-2006-0195-1 kdelibs | confirm | | debian | DSA-1200 | gentoo | - GLSA-200611-02
- GLSA-200703-06
| mandriva | - MDKSA-2006:186
- MDKSA-2006:187
| sectrack | 1017084 | secunia | - 22380
- 22397
- 22479
- 22485
- 22492
- 22520
- 22579
- 22586
- 22589
- 22645
- 22738
- 22890
- 22929
- 24347
| sgi | - 20061002-01-P
- 20061101-01-P
| slackware | SSA:2006-298-01 | suse | SUSE-SA:2006:063 | ubuntu | USN-368-1 | vupen | ADV-2006-4099 |
|
statements
via4
|
contributor | Mark J Cox | lastmodified | 2007-03-14 | organization | Red Hat | statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
|
Last major update |
16-06-2021 - 12:43 |
Published |
18-10-2006 - 17:07 |
Last modified |
16-06-2021 - 12:43 |