From: Ware, Ryan R <ryan.r.ware-ral2JQCrhuEAvxtiuMwx3w <at> public.gmane.org>
Subject: [MeeGo-SA-10:22.qt] Off By 1 Error in QT Causes Denial of Service
Newsgroups: gmane.comp.handhelds.meego.security.announce
Date: Wednesday 19th January 2011 03:53:02 UTC (over 5 years ago)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
MeeGo-SA-10:22.qt                                           Security Advisory
                                                                MeeGo Project

Topic:          Off By 1 Error in QT Causes Denial of Service

Category:       Graphics
Module:         qt
Announced:      September 3, 2010
Affects:        MeeGo 1.0
Corrected:      September 3, 2010
MeeGo BID:      3999
CVE:            CVE-2010-1766

For general information regarding MeeGo Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <http://www.MeeGo.com/>.

I.   Background

Qt is a cross-platform application and UI framework. Using Qt, you can
write web-enabled applications once and deploy them across desktop,
mobile and embedded operating systems without rewriting the source code.

II.  Problem Description

CVE-2010-1766: Off-by-one error in the
WebSocketHandshake::readServerHandshake function in
websockets/WebSocketHandshake.cpp in WebCore in WebKit before r56380,
as used in Qt and other products, allows remote websockets servers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via an upgrade header that is long and
invalid.
CVSS v2 Base: 7.5 (HIGH)
Access Vector: Network exploitable

III. Impact

CVE-2010-1766: Denial of service or arbitrary code execution via
numeric errors (CWE-189)

IV.  Workaround

None

V.   Solution

Update to package qt-4.6.2-4.2 or later.

VI. References

http://bugs.meego.com/show_bug.cgi?id=3999
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1766
http://cwe.mitre.org/data/definitions/189.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (Darwin)

-----END PGP SIGNATURE-----
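
The bug class named in the Problem Description (an off-by-one when a long header line is copied into a fixed buffer), shown as an added illustration. This is not WebKit's or Qt's code and does not reproduce the actual defect, which the advisory does not show; the function names, the 16-byte buffer and the guard byte are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LINE_CAP 16   /* assumed size of the logical header buffer */
#define GUARD 0x5A    /* sentinel stored directly after the buffer */

/* Buggy pattern: "<=" lets a line of cap bytes or more fill the whole
 * buffer, so the terminator is written at buf[cap], one past the end. */
static size_t copy_line_off_by_one(char *buf, size_t cap,
                                   const char *src, size_t len)
{
    size_t n = len <= cap ? len : cap;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return n;
}

/* Corrected pattern: always reserve one byte for the terminator. */
static size_t copy_line_bounded(char *buf, size_t cap,
                                const char *src, size_t len)
{
    if (cap == 0)
        return 0;
    size_t n = len < cap ? len : cap - 1;
    memcpy(buf, src, n);
    buf[n] = '\0';
    return n;
}

/* Runs one copy and returns 1 if the guard byte was overwritten. The
 * storage is LINE_CAP + 1 bytes, so the stray write stays inside the
 * array and the demonstration itself is well defined. */
static int guard_clobbered(size_t (*copy)(char *, size_t, const char *, size_t),
                           const char *src, size_t len)
{
    char storage[LINE_CAP + 1] = {0};
    storage[LINE_CAP] = GUARD;
    copy(storage, LINE_CAP, src, len);
    return storage[LINE_CAP] != GUARD;
}

int main(void)
{
    const char *hdr = "Upgrade: AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed input */
    printf("off-by-one: guard clobbered = %d\n",
           guard_clobbered(copy_line_off_by_one, hdr, strlen(hdr)));
    printf("bounded:    guard clobbered = %d\n",
           guard_clobbered(copy_line_bounded, hdr, strlen(hdr)));
    return 0;
}
```

A single misplaced byte of this kind is enough to corrupt adjacent memory, which is why the advisory rates the issue as denial of service with possible further impact.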
 