REDHAT-BUG-743054: Input Validation
First published: Mon Oct 03 2011(Updated: )
An input validation failure was discovered in KSSL (<a href="https://access.redhat.com/security/cve/CVE-2011-3365">CVE-2011-3365</a>) and Rekonq (<a href="https://access.redhat.com/security/cve/CVE-2011-3366">CVE-2011-3366</a>) in KDE SC 4.6.0 up to and including KDE SC 4.7.1, however upstream indicates that ealier versions of KDE SC may also be affected. The upstream advisory [1] details are noted below: The default rendering type for a QLabel is QLabel::AutoText, which uses heuristics to determine whether to render the given content as plain text or rich text. When displaying a security dialog with a certificate, KSSL does not properly force its QLabels to use QLabel::PlainText. As a result, if given a certificate containing rich text in its fields, it will render the rich text. Specifically, a certificate containing a common name (CN) that has a table element will cause the second line of the table to be displayed. This can allow spoofing of the certificate's common name. The vulnerability and technical information about the exploit were provided by Tim Brown of Nth Dimension. We thank them for their responsible disclosure and cooperative handling of the matter. Exploitation may trick the user into beliving a certificate is legitimate when in fact it is invalid, and simply displayed incorrectly. This has been corrected via the following git [2] commits: 4.6 branch: 9ca2b26f 90607b28 4.7 branch: bd70d4e5 86622e4d frameworks: bd70d4e5 86622e4d (Note: the second commit for each branch above is a fix for kio_http that fixes a similar issue, but with only very minor security implications.) And for Rekonq, the following commits correct it in git [3]: 85f454fa 526ce56f d1711fff Finally, Qt has also received a patch to warn users about sanitizing their QLabel [4]. [1] <a href="http://www.kde.org/info/security/advisory-20111003-1.txt">http://www.kde.org/info/security/advisory-20111003-1.txt</a> [2] <a href="http://quickgit.kde.org/?p=kdelibs.git&a=summary">http://quickgit.kde.org/?p=kdelibs.git&a=summary</a> [3] <a href="http://quickgit.kde.org/?p=rekonq.git&a=summary">http://quickgit.kde.org/?p=rekonq.git&a=summary</a> [4] <a href="https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b">https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE SC | >=4.6.0<=4.7.1 | |
| Rekonq | >=4.6.0<=4.7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2011-3365
- https://access.redhat.com/security/cve/CVE-2011-3366
- http://www.kde.org/info/security/advisory-20111003-1.txt
- http://quickgit.kde.org/?p=kdelibs.git&a=summary
- http://quickgit.kde.org/?p=rekonq.git&a=summary
- https://qt.gitorious.org/qt/qt/commit/31f7ecbdcdbafbac5bbfa693e4d060757244941b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743055
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743056
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743074
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526185&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526185&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526187&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=526187&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=743194
- https://rhn.redhat.com/errata/RHSA-2011-1364.html
- https://rhn.redhat.com/errata/RHSA-2011-1385.html
- https://bugzilla.redhat.com/show_bug.cgi?id=743054
Frequently Asked Questions
What is the severity of REDHAT-BUG-743054?
The severity of REDHAT-BUG-743054 is classified as high due to the input validation failure it presents.
How do I fix REDHAT-BUG-743054?
To fix REDHAT-BUG-743054, update your KDE SC and Rekonq software to versions beyond 4.7.1.
Which software is affected by REDHAT-BUG-743054?
REDHAT-BUG-743054 affects KDE SC versions from 4.6.0 up to 4.7.1 and Rekonq versions within the same range.
What caused the vulnerability in REDHAT-BUG-743054?
The vulnerability in REDHAT-BUG-743054 was caused by an input validation failure in the affected software.
Is there a workaround for REDHAT-BUG-743054?
No official workaround is recommended for REDHAT-BUG-743054 other than upgrading to a secure version.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3365
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kde
- canonical/kde sc
- canonical/rekonq