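Vulnerability details
Trolltech Qt UTF-8 decoder character input validation vulnerability
- CNNVD ID: CNNVD-200704-057
- Severity: Low
- CVE ID: CVE-2007-0242
- Vulnerability type: Cross-site scripting
- Published: 2007-04-03
- Threat type: Remote
- Updated: 2007-04-06
- Vendor: qt
- Vulnerability source: The vendor reporte...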
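Vulnerability summary
The UTF-8 decoder in codecs/qutfcodec.cpp in Qt does not reject overlong UTF-8 sequences, which exposes it to cross-site scripting and directory traversal. A remote attacker can use overlong sequences to conduct cross-site scripting and directory traversal attacks. These overlong sequences decode to dangerous metacharacters.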
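The missing check can be shown with a small decoder. This is an added example, not Qt's code or the vendor patch; the function `decodeUtf8` and its `rejectOverlong` flag are hypothetical names, and the input bytes are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Added example, not Qt's code. Decodes UTF-8 into code points.
// rejectOverlong=false models a decoder missing the shortest-form check;
// rejectOverlong=true is the strict behaviour the standard requires.
bool decodeUtf8(const std::string &in, std::vector<uint32_t> &out, bool rejectOverlong)
{
    // Smallest code point that legitimately needs 1, 2, 3 or 4 bytes.
    static const uint32_t minForLen[5] = {0, 0x0, 0x80, 0x800, 0x10000};
    out.clear();
    for (std::size_t i = 0; i < in.size();) {
        const unsigned char b0 = static_cast<unsigned char>(in[i]);
        std::size_t len;
        uint32_t cp;
        if (b0 < 0x80)                { len = 1; cp = b0; }
        else if ((b0 & 0xE0) == 0xC0) { len = 2; cp = b0 & 0x1F; }
        else if ((b0 & 0xF0) == 0xE0) { len = 3; cp = b0 & 0x0F; }
        else if ((b0 & 0xF8) == 0xF0) { len = 4; cp = b0 & 0x07; }
        else return false;                        // invalid lead byte
        if (in.size() - i < len) return false;    // truncated sequence
        for (std::size_t k = 1; k < len; ++k) {
            const unsigned char b = static_cast<unsigned char>(in[i + k]);
            if ((b & 0xC0) != 0x80) return false; // not a continuation byte
            cp = (cp << 6) | (b & 0x3F);
        }
        if (rejectOverlong && cp < minForLen[len]) return false; // overlong form
        if (cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return false;
        out.push_back(cp);
        i += len;
    }
    return true;
}

int main()
{
    const std::string overlongSlash("\xC0\xAF"); // constructed: 2-byte form of U+002F
    std::vector<uint32_t> cps;
    const bool lenient = decodeUtf8(overlongSlash, cps, false);
    std::printf("lenient: ok=%d first=U+%04X\n", lenient, lenient ? (unsigned)cps[0] : 0u);
    std::printf("strict:  ok=%d\n", decodeUtf8(overlongSlash, cps, true));
    return 0;
}
```

A filter that inspects the raw bytes before decoding sees no `/` in the constructed input, which is why validation has to run on the decoded text or the decoder has to reject the non-shortest form outright.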
Vulnerability advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
Trolltech Qt 3.3.8
Trolltech Qt-3.3.8-UTF-8-fix.diff
http://www.trolltech.com/developer/download/Qt-3.3.8-UTF-8-fix.diff
Trolltech Qt 4.1.4
Mandriva lib64qassistant1-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva istant1-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qt3support4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qt3support4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qt4-devel-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qt4-devel-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtcore4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtcore4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtdbus4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtdesigner1-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtdesigner1-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtgui4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtgui4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtnetwork4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtnetwork4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtopengl4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtopengl4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtsql4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtsql4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtsvg4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtsvg4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qttest4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qttest4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtuitools4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtuitools4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64qtxml4-4.1.4-12.2mdv2007.0.x86_64.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva lib64qtxml4-4.2.3-3.1mdv2007.1.x86_64.rpm
Mandriva Linux 2007.1/X86_64:
http://www.mandriva.com/en/download
Mandriva libqassistant1-4.1.4-12.2mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva libqassistant1-4.2.3-3.1mdv2007.1.i586.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download
Mandriva libqt3support4-4.1.4-12.2mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva libqt3support4-4.2.3-3.1mdv2007.1.i586.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download
Mandriva libqt4-devel-4.1.4-12.2mdv2007.0.i586.rpm
Mandriva Linux 2007.0:
http://www.mandriva.com/en/download
Mandriva libqt4-devel-4.2.3-3.1mdv2007.1.i586.rpm
Mandriva Linux 2007.1:
http://www.mandriva.com/en/download
Mandriva libqtcore4-4.
References
Source: www.trolltech.com
Link: http://www.trolltech.com/company/newsroom/announcements/press.2007-03-30.9172215350
Source: www.nabble.com
Link: http://www.nabble.com/Bug-417390:-CVE-2007-0242,--Qt-UTF-8-overlong-sequence-decoding-vulnerability-t3506065.HTML
Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1202
Source: XF
Name: qt-utf8-xss(33397)
Link: http://xforce.iss.net/xforce/xfdb/33397
Source: UBUNTU
Name: USN-452-1
Link: http://www.ubuntu.com/usn/usn-452-1
Source: BID
Name: 23269
Link: http://www.securityfocus.com/bid/23269
Source: REDHAT
Name: RHSA-2007:0909
Link: http://www.redhat.com/support/errata/RHSA-2007-0909.HTML
Source: REDHAT
Name: RHSA-2007:0883
Link: http://www.redhat.com/support/errata/RHSA-2007-0883.HTML
Source: SUSE
Name: SUSE-SR:2007:006
Link: http://www.novell.com/linux/security/advisories/2007_6_sr.HTML
Source: MANDRIVA
Name: MDKSA-2007:076
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:076
Source: MANDRIVA
Name: MDKSA-2007:075
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:075
Source: MANDRIVA
Name: MDKSA-2007:074
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:074
Source: VUPEN
Name: ADV-2007-1212
Link: http://www.frsirt.com/english/advisories/2007/1212
Source: DEBIAN
Name: DSA-1292
Link: http://www.debian.org/security/2007/dsa-1292
Source: support.novell.com
Link: http://support.novell.com/techcenter/PSDb/fc79b7f48d739f9c803a24ddad933384.HTML
Source: support.novell.com
Link: http://support.novell.com/techcenter/PSDb/39ea4b325a7da742cb8b6995fa585b14.HTML
Source: support.avaya.com
Link: http://support.avaya.com/elmodocs2/security/ASA-2007-424.htm
Source: SLACKWARE
Name: SSA:2007-093-03
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.348591
Source: SECUNIA
Name: 27275
Link: http://secunia.com/advisories/27275
Source: SECUNIA
Name: 27108
Link: http://secunia.com/advisories/27108
Source: SECUNIA
Name: 26857
Link: http://secunia.com/advisories/26857
Source: SECUNIA
Name: 26804
Link: http://secunia.com/advisories/26804
Source: SECUNIA
Name: 25263
Link: http://secunia.com/advisories/25263
Source: SECUNIA
Name: 24889
Link: http://secunia.com/advisories/24889
Source: SECUNIA
Name: 24847
Link: http://secunia.com/advisories/24847
Source: SECUNIA
Name: 24797
Link: http://secunia.com/advisories/24797
Source: SECUNIA
Name: 24759
Link: http://secunia.com/advisories/24759
Source: SECUNIA
Name: 24727
Link: http://secunia.com/advisories/24727
Source: SECUNIA
Name: 24726
Link: http://secunia.com/advisories/24726
Source: SECUNIA
Name: 24705
Link: http://secunia.com/advisories/24705
Source: SECUNIA
Name: 24699
Link: http://secunia.com/advisories/24699
Source: MANDRIVA
Name: MDKSA-2007:076
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:076
Source: MANDRIVA
Name: MDKSA-2007:075
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:075
Source: MANDRIVA
Name: MDKSA-2007:074
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:074
Source: FEDORA
Name: FEDORA-2007-703
Link: http://fedoranews.org/updates/FEDORA-2007-703.sHTML
Source: SGI
Name: 20070901-01-P
Link: ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
Affected entities
- Qt Qt:4.2.3
- Qt Qt:3.3.8
Patches
None available