PT-2009-6696 · Qt+2 · Libqt4-Sql-Mysql+33

Chris Evans

·

Published

1970-01-01

·

Updated

2024-02-10

·

CVE-2009-1699

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions libqt4-sql-sqlite2 (affected versions not specified) libqt4-webkit (affected versions not specified) libqt4-designer (affected versions not specified) libqt4-opengl (affected versions not specified) libqt4-script (affected versions not specified) libqt4-assistant (affected versions not specified) libqt4-dbus (affected versions not specified) libqt4-sql-sqlite (affected versions not specified) libqt4-sql-ibase (affected versions not specified) libqt4-network (affected versions not specified) libqt4-opengl-dev (affected versions not specified) libqt4-sql-psql (affected versions not specified) libqt4-xmlpatterns (affected versions not specified) libqt4-sql (affected versions not specified) libqt4-gui (affected versions not specified) qt4-designer (affected versions not specified) libqt4-sql-mysql (affected versions not specified) libqt4-xmlpatterns-dbg (affected versions not specified) libqt4-dev (affected versions not specified) libqt4-core (affected versions not specified) qt4-demos (affected versions not specified) qt4-dev-tools (affected versions not specified) qt4-doc (affected versions not specified) libqt4-dbg (affected versions not specified) libqt4-xml (affected versions not specified) libqt4-test (affected versions not specified) libqt4-sql-odbc (affected versions not specified) libqt4-qt3support (affected versions not specified) libqt4-webkit-dbg (affected versions not specified) libqt4-svg (affected versions not specified) qt4-doc-html (affected versions not specified) Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1
Description The issue is related to multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others. These vulnerabilities can be exploited remotely, leading to a breach of confidentiality, integrity, and availability of protected information. Additionally, there is an issue with the XSL stylesheet implementation in WebKit in Apple Safari, which does not properly handle XML external entities, allowing remote attackers to read arbitrary files via a crafted DTD.
Recommendations As a temporary workaround, consider disabling the vulnerable components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the vulnerable packages until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

XXE

Code Injection

Weakness Enumeration

CWE-20CWE-611CWE-94

Related Identifiers

BDU:2015-02905
BDU:2015-02907
BDU:2015-02908
BDU:2015-02909
BDU:2015-02910
BDU:2015-02911
BDU:2015-02912
BDU:2015-02913
BDU:2015-02914
BDU:2015-04034
BDU:2015-04035
BDU:2015-04036
BDU:2015-04037
BDU:2015-04038
BDU:2015-04039
BDU:2015-04040
BDU:2015-04041
BDU:2015-04042
BDU:2015-04043
BDU:2015-04044
BDU:2015-04045
BDU:2015-04046
BDU:2015-04047
BDU:2015-04048
BDU:2015-04049
BDU:2015-04050
BDU:2015-04051
BDU:2015-04052
BDU:2015-04053
BDU:2015-04054
BDU:2015-04055
BDU:2015-04056
BDU:2015-04057
CVE-2009-1699
DSA-1988-1

Affected Products

Debian
Safari
Ios
Libqt4-Assistant
Libqt4-Core
Libqt4-Dbg
Libqt4-Dbus
Libqt4-Designer
Libqt4-Dev
Libqt4-Gui
Libqt4-Network
Libqt4-Opengl
Libqt4-Opengl-Dev
Libqt4-Qt3Support
Libqt4-Script
Libqt4-Sql
Libqt4-Sql-Ibase
Libqt4-Sql-Mysql
Libqt4-Sql-Odbc
Libqt4-Sql-Psql
Libqt4-Sql-Sqlite
Libqt4-Sql-Sqlite2
Libqt4-Svg
Libqt4-Test
Libqt4-Webkit
Libqt4-Webkit-Dbg
Libqt4-Xml
Libqt4-Xmlpatterns
Libqt4-Xmlpatterns-Dbg
Qt4-Demos
Qt4-Designer
Qt4-Dev-Tools
Qt4-Doc
Qt4-Doc-Html