Test ID: | 1.3.6.1.4.1.25623.1.0.64280 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2009:1127 |
Summary: | The remote host is missing updates announced in advisory RHSA-2009:1127. The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS style attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML head element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. |
Description: | Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1687
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 35260 http://www.securityfocus.com/bid/35260
BugTraq ID: 35309 http://www.securityfocus.com/bid/35309
Debian Security Information: DSA-1950 http://www.debian.org/security/2009/dsa-1950
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://osvdb.org/54985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
http://securitytracker.com/id?1022345
http://secunia.com/advisories/35379
http://secunia.com/advisories/36057
http://secunia.com/advisories/36062
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-822-1
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212

Common Vulnerability Exposure (CVE) ID: CVE-2009-1690
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
http://osvdb.org/54990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009

Common Vulnerability Exposure (CVE) ID: CVE-2009-1698
BugTraq ID: 35318 http://www.securityfocus.com/bid/35318
Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability http://www.securityfocus.com/archive/1/504173/100/0/threaded
Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution http://www.securityfocus.com/archive/1/504295/100/0/threaded
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
http://www.zerodayinitiative.com/advisories/ZDI-09-032/
http://osvdb.org/55006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
http://www.redhat.com/support/errata/RHSA-2009-1128.html
http://secunia.com/advisories/35588 |
Copyright | Copyright (C) 2009 E-Soft Inc. |