Test ID: | 1.3.6.1.4.1.25623.1.0.64280 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1127 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:1127.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A flaw was found in the way the KDE CSS parser handled content for the CSS style attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698)

A flaw was found in the way the KDE HTML parser handled content for the HTML head element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. |
Description: | Identical to the Summary above. |
Solution: | Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date |
CVSS Score: | 9.3 |
CVSS Vector: | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |

Common Vulnerability Exposure (CVE) ID: CVE-2009-1687
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID 35260: http://www.securityfocus.com/bid/35260
BugTraq ID 35309: http://www.securityfocus.com/bid/35309
Debian Security Information DSA-1950: http://www.debian.org/security/2009/dsa-1950
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://osvdb.org/54985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
http://securitytracker.com/id?1022345
http://secunia.com/advisories/35379
http://secunia.com/advisories/36057
http://secunia.com/advisories/36062
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
SuSE Security Announcement SUSE-SR:2011:002: http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-822-1
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212

Common Vulnerability Exposure (CVE) ID: CVE-2009-1690
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
http://osvdb.org/54990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009

Common Vulnerability Exposure (CVE) ID: CVE-2009-1698
BugTraq ID 35318: http://www.securityfocus.com/bid/35318
Bugtraq 20090608, ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability: http://www.securityfocus.com/archive/1/504173/100/0/threaded
Bugtraq 20090614, [TZO-37-2009] Apple Safari <v4 Remote code execution: http://www.securityfocus.com/archive/1/504295/100/0/threaded
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
http://www.zerodayinitiative.com/advisories/ZDI-09-032/
http://osvdb.org/55006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
http://www.redhat.com/support/errata/RHSA-2009-1128.html
http://secunia.com/advisories/35588 |
Copyright | Copyright (C) 2009 E-Soft Inc. |