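Vulnerability Details
Trolltech Qt QSslSocket Certificate Verification Bypass Vulnerability
- CNNVD ID: CNNVD-200801-071
- Severity: Medium
- CVE ID: CVE-2007-5965
- Vulnerability type: Permissions, privileges and access control
- Published: 2007-12-21
- Threat type: Remote
- Updated: 2008-01-07
- Vendor: trolltech
- Vulnerability source: Trolltech
Vulnerability Summary
Digia Qt is a cross-platform C++ application development framework from the Finnish company Digia. The framework can be used to develop GUI programs.
Qt may fail to verify certificates for the QSslSocket class in SSL connections. Applications that use QSslSocket may be tricked into accepting a forged certificate, which helps an attacker carry out phishing-style attacks.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: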
Trolltech Qt 4.3
Trolltech 190133.patch
http://www.trolltech.com/developer/download/190133.patch
Trolltech qt-mac-opensource-src-4.3.3.tar.gz (Mac OS)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-mac-opensource-src-4.3.3.tar.gz
Trolltech qt-win-opensource-src-4.3.3.zip (Windows)
http://www.trolltech.com/download?target=
http://ftp.ntua.gr/pub/X11/Qt/qt/source/qt-win-opensource-src-4.3.3.zip
Trolltech qt-x11-opensource-src-4.3.3.tar.gz (X11)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-x11-opensource-src-4.3.3.tar.gz
Trolltech Qt 4.3.1
Trolltech 190133.patch
http://www.trolltech.com/developer/download/190133.patch
Trolltech qt-mac-opensource-src-4.3.3.tar.gz (Mac OS)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-mac-opensource-src-4.3.3.tar.gz
Trolltech qt-win-opensource-src-4.3.3.zip (Windows)
http://www.trolltech.com/download?target=
http://ftp.ntua.gr/pub/X11/Qt/qt/source/qt-win-opensource-src-4.3.3.zip
Trolltech qt-x11-opensource-src-4.3.3.tar.gz (X11)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-x11-opensource-src-4.3.3.tar.gz
Trolltech Qt 4.3.2
Trolltech 190133.patch
http://www.trolltech.com/developer/download/190133.patch
Trolltech qt-mac-opensource-src-4.3.3.tar.gz (Mac OS)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-mac-opensource-src-4.3.3.tar.gz
Trolltech qt-win-opensource-src-4.3.3.zip (Windows)
http://www.trolltech.com/download?target=
http://ftp.ntua.gr/pub/X11/Qt/qt/source/qt-win-opensource-src-4.3.3.zip
Trolltech qt-x11-opensource-src-4.3.3.tar.gz (X11)
http://www.trolltech.com/download?target=
http://ftp.iasi.roedu.net/mirrors/ftp.trolltech.com/qt/source/qt-x11-opensource-src-4.3.3.tar.gz
References
Source: trolltech.com
Link: http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
Source: FEDORA
Name: FEDORA-2007-4354
Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00131.HTML
Source: FEDORA
Name: FEDORA-2007-4285
Link: https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00005.HTML
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=427232
Source: VUPEN
Name: ADV-2008-0018
Link: http://www.frsirt.com/english/advisories/2008/0018
Source: SECUNIA
Name: 28321
Link: http://secunia.com/advisories/28321
Source: SECUNIA
Name: 28228
Link: http://secunia.com/advisories/28228
Source: UBUNTU
Name: USN-579-1
Link: http://www.ubuntu.com/usn/usn-579-1
Source: BID
Name: 27112
Link: http://www.securityfocus.com/bid/27112
Source: SUSE
Name: SUSE-SR:2008:002
Link: http://www.novell.com/linux/security/advisories/suse_security_summary_report.HTML
Source: MANDRIVA
Name: MDVSA-2008:042
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:042
Source: SECUNIA
Name: 28999
Link: http://secunia.com/advisories/28999
Source: SECUNIA
Name: 28636
Link: http://secunia.com/advisories/28636
Source: NSFOCUS
Name: 11345
Link: http://www.nsfocus.net/vulndb/11345
Affected Entities
- Trolltech Qsslsocket:4.3.0
- Trolltech Qsslsocket:4.3.1
- Trolltech Qsslsocket:4.3.2
Patch
None available