Description:
KDE, an open source desktop environment, suffers from several bugs that
pose a security risk.
The oCERT team was contacted by Portcullis Security requesting help in
handling a series of issues reported to the KDE project back in July 2007.
Because of an extended period of non-disclosure Portcullis decided to
resubmit the issues to KDE and contacted oCERT asking for assistance in
disclosure coordination.
1 x11-libs/qt < 3.3.8-r3 >= 3.3.8-r3
Description
===========
Tim Brown of Portcullis Computer Security Ltd and Dirk Mueller of KDE
reported multiple format string errors in qWarning() calls in files
qtextedit.cpp, qdatatable.cpp, qsqldatabase.cpp, qsqlindex.cpp,
qsqlrecord.cpp, qglobal.cpp, and qsvgdevice.cpp.
Impact
* One Token to Rule Them All: Post-Exploitation Fun in Windows Environments
- Luke Jennings, MWR InfoSecurity
* Building the bridge between the Web Application and the OS: GUI access
through SQL Injection - Alberto Revelli, Portcullis
* Satellite Systems - Adam Laurie, RFIDIOt.org
* Browser Exploits - Attacks and Defense - Saumil Shah, Net Square
_______________________________________________________________________
Problem Description:
A number of format string flaws have been discovered in how Qt handled
error messages by Dirk Mueller and Tracey Parry of Portcullis Computer
Security. If an application linked against Qt created an error
message from user-supplied data in a certain way, it could possibly
lead to the execution of arbitrary code or a denial of service.
This update provides packages which are patched to prevent these
is expected to be discussed in public announcements. This advisory
will be updated with references to any public messages relating to
this vulnerability once they become available.
This vulnerability was reported to Cisco by Nico Leidecker and Tracey
Parry at Portcullis Computer Security Limited. Cisco PSIRT would like
to thank these two individuals for bringing this issue to our
attention and for working with PSIRT toward coordinated disclosure of
the issue. Cisco PSIRT greatly appreciates the opportunity to work
with researchers on security vulnerabilities and welcomes the
opportunity to review and assist in product reports.
Exploiting Firefox Extensions
-Roberto Suggi Liverani & Nick Freeman, Security-Assessment.com
Stored Value Gift Cards, Magstripes Revisited
- Adrian Pastor, Gnucitizen, Corsaire
Advanced SQL Injection to operating system control
- Bernardo Damele Assumpcao Guimaraes, Portcullis
Cloning Mifare Classic
- Nicolas Courtois, University of London
Rootkits on Windows Mobile/Embedded
- Petr Matousek, Coseinc
