CVE-2011-3365: Input Validation
First published: Mon Oct 03 2011(Updated: )
An input validation failure was discovered in KSSL (<a href="https://access.redhat.com/security/cve/CVE-2011-3365">CVE-2011-3365</a>) and Rekonq (<a href="https://access.redhat.com/security/cve/CVE-2011-3366">CVE-2011-3366</a>) in KDE SC 4.6.0 up to and including KDE SC 4.7.1, however upstream indicates that ealier versions of KDE SC may also be affected. The upstream advisory [1] details are noted below: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. When displaying a security dialog with a certificate, KSSL does not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, it will render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name. The vulnerability and technical information about the exploit were provided by Tim Brown of Nth Dimension. We thank them for their responsible disclosure and cooperative handling of the matter. Exploitation may trick the user into beliving a certificate is legitimate when in fact it is invalid, and simply displayed incorrectly. This has been corrected via the following git [2] commits: 4.6 branch: 9ca2b26f 90607b28 4.7 branch: bd70d4e5 86622e4d frameworks: bd70d4e5 86622e4d (Note: the second commit for each branch above is a fix for kio_http that fixes a similar issue, but with only very minor security implications.) And for Rekonq, the following commits correct it in git [3]: 85f454fa 526ce56f d1711fff Finally, Qt has also received a patch to warn users about sanitizing their QLabel [4]. [1] <a href="http://www.kde.org/info/security/advisory-20111003-1.txt">http://www.kde.org/info/security/advisory-20111003-1.txt</a> [2] <a href="http://quickgit.kde.org/?p=kdelibs.git&a=summary">http://quickgit.kde.org/?p=kdelibs.git&a=summary</a> [3] <a href="http://quickgit.kde.org/?p=rekonq.git&a=summary">http://quickgit.kde.org/?p=rekonq.git&a=summary</a> [4] <a href="https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b">https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/kdelibs | <6:3.3.1-18.el4 | 6:3.3.1-18.el4 |
| redhat/kdelibs | <6:3.5.4-26.el5_7.1 | 6:3.5.4-26.el5_7.1 |
| redhat/kdelibs | <6:4.3.4-11.el6_1.4 | 6:4.3.4-11.el6_1.4 |
| redhat/kdelibs3 | <0:3.5.10-24.el6_1.1 | 0:3.5.10-24.el6_1.1 |
| KDE SC | =4.6.4 | |
| KDE SC | =4.7.0 | |
| KDE SC | =4.6.1 | |
| KDE SC | =4.7.1 | |
| KDE SC | =4.6.2 | |
| KDE SC | =4.6.3 | |
| KDE SC | =4.6.0 | |
| KDE SC | =4.6.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2011-1385.html
- https://bugzilla.redhat.com/show_bug.cgi?id=743054
- http://www.kde.org/info/security/advisory-20111003-1.txt
- http://www.redhat.com/support/errata/RHSA-2011-1364.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:162
- https://www.cve.org/CVERecord?id=CVE-2011-3365 https://nvd.nist.gov/vuln/detail/CVE-2011-3365
- https://access.redhat.com/errata/RHSA-2011:1385
- https://access.redhat.com/errata/RHSA-2011:1364
- https://access.redhat.com/security/cve/CVE-2011-3365
- https://access.redhat.com/security/cve/CVE-2011-3366
- http://quickgit.kde.org/?p=kdelibs.git&a=summary
- http://quickgit.kde.org/?p=rekonq.git&a=summary
- https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743056
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743074
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526185&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526185&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526187&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526187&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743194
- https://rhn.redhat.com/errata/RHSA-2011-1364.html
- https://rhn.redhat.com/errata/RHSA-2011-1385.html
Frequently Asked Questions
What is the severity of CVE-2011-3365?
CVE-2011-3365 is rated as a moderate severity vulnerability due to an input validation failure.
How do I fix CVE-2011-3365?
To fix CVE-2011-3365, upgrade to a version of kdelibs that is later than 6:3.3.1-18.el4 or the appropriate patched version for your distribution.
Which versions are affected by CVE-2011-3365?
CVE-2011-3365 affects KDE SC versions from 4.6.0 up to and including 4.7.1.
What software does CVE-2011-3365 impact?
CVE-2011-3365 impacts the kdelibs package in various versions and distributions of KDE SC.
Is there a patch available for CVE-2011-3365?
Yes, patches for CVE-2011-3365 are available as part of updates to affected kdelibs versions.
- collector/redhat-cve
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3365
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/kde
- canonical/kde sc
- version/kde sc/4.6.4
- version/kde sc/4.7.0
- version/kde sc/4.6.1
- version/kde sc/4.7.1
- version/kde sc/4.6.2
- version/kde sc/4.6.3
- version/kde sc/4.6.0
- version/kde sc/4.6.5