Trolltech Qt QTextEdit Multiple Format String Vulnerabilities
BID:25154
Info
| Bugtraq ID: | 25154 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-3388 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2007 12:00AM |
| Updated: | Dec 18 2007 08:05PM |
| Credit: | Tim Brown of Portcullis Computer Security and Dirk Mueller are credited with discovering these issues. |
| Vulnerable: | Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; Turbolinux wizpy 0; Turbolinux Turbolinux Server 10.0 x86; Turbolinux Turbolinux Server 10.0; Turbolinux Turbolinux Server 10.0.0 x64; Turbolinux Turbolinux Desktop 10.0; Turbolinux Turbolinux FUJI; Turbolinux Turbolinux 10 F...; TurboLinux Personal; TurboLinux Multimedia; Turbolinux Home; Turbolinux FUJI 0; Trolltech Qt 3.3.8; Trolltech Qt 3.3.7; Trolltech Qt 3.3.6; Trolltech Qt 3.3.5; Trolltech Qt 3.3.4; Trolltech Qt 3.3.3; Trolltech Qt 3.3.2; Trolltech Qt 3.3.1; Trolltech Qt 3.3 .0; Trolltech Qt 3.2.3; Trolltech Qt 3.2.1; Trolltech Qt 3.1.2; Trolltech Qt 3.1.1; Trolltech Qt 3.1; Trolltech Qt 3.0.5; Trolltech Qt 3.0.3; Trolltech Qt 3.0; SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10 SP1; SuSE SUSE Linux Enterprise Server 10; SuSE SUSE Linux Enterprise SDK 9; SuSE SUSE Linux Enterprise SDK 10.SP1; SuSE SUSE Linux Enterprise SDK 10; SuSE SUSE Linux Enterprise SDK 10; SuSE Suse Linux Enterprise Desktop 10 SP1; SuSE Suse Linux Enterprise Desktop 10; SuSE Linux Enterprise Server 10.SP1; SuSE Linux 10.1 x86-64; SuSE Linux 10.1 x86; SuSE Linux 10.1 ppc; SuSE Linux 10.0 x86-64; SuSE Linux 10.0 x86; SuSE Linux 10.0 ppc; Slackware Linux 10.2; Slackware Linux 12.0; Slackware Linux 11.0; SGI Advanced Linux Environment 3.0; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux POS 9; S.u.S.E. Novell Linux Desktop 9; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 10.1; rPath rPath Linux 1; Redhat Fedora Core7; Redhat Fedora Core6; Redhat Enterprise Linux WS 4; Redhat Enterprise Linux WS 3; Redhat Enterprise Linux ES 4; Redhat Enterprise Linux ES 3; Redhat Enterprise Linux Desktop Workstation 5 client; Redhat Enterprise Linux Desktop 5 client; Redhat Enterprise Linux AS 4; Redhat Enterprise Linux AS 3; Redhat Enterprise Linux 5 Server; Redhat Desktop 4.0; Redhat Desktop 3.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; Mandriva Linux Mandrake 2007.0 x86_64; Mandriva Linux Mandrake 2007.0; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; Gentoo Linux; Foresight Linux Foresight Linux 1.1; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0; Avaya SES 3.1.1; Avaya SES 3.0; Avaya SES 2.0; Avaya Messaging Storage Server MSS 3.0; Avaya Messaging Storage Server MM3.0; Avaya Messaging Storage Server 2.0; Avaya Messaging Storage Server 1.0; Avaya Messaging Storage Server; Avaya Integrated Management 2.1; Avaya Integrated Management; Avaya CVLAN |
| Not Vulnerable: | |
Discussion
Trolltech Qt is prone to multiple format-string vulnerabilities because it fails to securely display error messages.
Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application using the framework or to cause denial-of-service conditions.
These issues affect only Qt 3; other versions of Qt are not affected. Note that KDE and other applications that use the affected framework are inherently affected.
Exploit / POC
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor released a fix to address these issues. Please see the references for more information.
Turbolinux Turbolinux 10 F...
- Turbolinux qt3-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-3.2.3-18.i586.rpm
- Turbolinux qt3-devel-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-devel-3.2.3-18.i586.rpm
- Turbolinux qt3-tools-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-tools-3.2.3-18.i586.rpm

TurboLinux Multimedia
- Turbolinux qt3-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-3.2.3-18.i586.rpm
- Turbolinux qt3-devel-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-devel-3.2.3-18.i586.rpm
- Turbolinux qt3-tools-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-tools-3.2.3-18.i586.rpm

Turbolinux Home
- Turbolinux qt3-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-3.2.3-18.i586.rpm
- Turbolinux qt3-devel-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-devel-3.2.3-18.i586.rpm
- Turbolinux qt3-tools-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-tools-3.2.3-18.i586.rpm

Turbolinux Turbolinux Desktop 10.0
- Turbolinux qt3-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-3.2.3-18.i586.rpm
- Turbolinux qt3-devel-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-devel-3.2.3-18.i586.rpm
- Turbolinux qt3-tools-3.2.3-18.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/qt3-tools-3.2.3-18.i586.rpm

Trolltech Qt 3.3.8
- Trolltech Security Patch to Qt 3.3.8
  http://www.trolltech.com/developer/download/170529.diff
References
References:
- QT Homepage (Trolltech)
- Trolltech Homepage (Trolltech)
- Trolltech Provides Security Patch to Qt 3.3.8, Addressing Potential Vulnerabilit (TrollTech)
- ASA-2007-388 (Avaya)
- Bugzilla Bug 248417: CVE-2007-3388 qt3 format string flaw (Red Hat)
- DSA 1426-1 qt-x11-free (Debian)
- RHSA-2007:0721-2: qt security update (Red Hat)
- rPSA-2007-0153-1 qt-x11-free (rPath)