exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2013-0254

Status Candidate

Overview

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Related Files

Gentoo Linux Security Advisory 201311-14
Posted Nov 22, 2013
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201311-14 - Multiple vulnerabilities have been discovered in QtCore and QtGui, possibly resulting in execution of arbitrary code, Denial of Service, or man-in-the-middle attacks. Versions less than 4.8.4-r2 are affected.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2011-3193, CVE-2013-0254
SHA-256 | 48adb5e90b61766cc2b61bf6a9f67ae045e98144649b3e6a9b77199924122d98
Red Hat Security Advisory 2013-0669-01
Posted Mar 21, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0669-01 - Qt is a software toolkit that simplifies the task of writing and maintaining GUI applications for the X Window System. It was discovered that the QSharedMemory class implementation of the Qt toolkit created shared memory segments with insecure permissions. A local attacker could use this flaw to read or alter the contents of a particular shared memory segment, possibly leading to their ability to obtain sensitive information or influence the behavior of a process that is using the shared memory segment.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2013-0254
SHA-256 | 0e67715652896aa6a5c89b1f944208d96234e81835c89b6e02a33a791946f822
Ubuntu Security Notice USN-1723-1
Posted Feb 14, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1723-1 - Richard J. Moore and Peter Hartmann discovered that Qt allowed redirecting requests from http to file schemes. If an attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS, and Ubuntu 12.10. Stephen Cheng discovered that Qt may report incorrect errors when ssl certificate verification fails. Various other issues were also addressed.

tags | advisory, web
systems | linux, ubuntu
advisories | CVE-2012-5624, CVE-2012-6093, CVE-2013-0254, CVE-2012-5624, CVE-2012-6093, CVE-2013-0254
SHA-256 | 4605f641fa86a28f32d2a30ade5206711c95382ac77712e820d92294787e541b
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    0 Files
  • 4
    Oct 4th
    0 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    0 Files
  • 8
    Oct 8th
    0 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close