Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2012-6093
Last Modified 25 Feb 2013 12:00:00
Published 24 Feb 2013 02:55:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6093

Summary

The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, and 4.8.x before 4.8.5, when using certain versions of OpenSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fails and might cause users to make unsafe security decisions to accept a certificate.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 11.10

  • Canonical Ubuntu Linux 12.04

  • Canonical Ubuntu Linux 12.10

  • Novell Opensuse 11.4

  • Novell Opensuse 12.2

Application

  • Digia Qt 4.6.0

  • Digia Qt 4.6.1

  • Digia Qt 4.6.2

  • Digia Qt 4.6.3

  • Digia Qt 4.6.4

  • Digia Qt 4.6.5

  • Digia Qt 4.7.0

  • Digia Qt 4.7.1

  • Digia Qt 4.7.2

  • Digia Qt 4.7.3

  • Digia Qt 4.7.4

  • Digia Qt 4.7.5

  • Digia Qt 4.7.6

  • Digia Qt 4.8.0

  • Digia Qt 4.8.1

  • Digia Qt 4.8.2

  • Digia Qt 4.8.3

  • Digia Qt 4.8.4


References

CONFIRM - https://codereview.qt-project.org/#change,42461

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=891955

UBUNTU - USN-1723-1

MLIST - [oss-security] 20130104 Re: CVE Request -- qt: QSslSocket might report inappropriate errors when certificate verification fails

SECUNIA - 52217

CONFIRM - http://qt.gitorious.org/qt/qt/commit/691e78e5061d4cbc0de212d23b06c5dffddf2098 (4.8)

CONFIRM - http://qt.gitorious.org/qt/qt/commit/3b14dc93cf0ef06f1424d7d6319a1af4505faa53 (4.7)

MLIST - [Announce] 20130102 Qt Project Security Advisory: QSslSocket may report incorrect errors when certificate verification fails

SUSE - openSUSE-SU-2013:0256

SUSE - openSUSE-SU-2013:0211

SUSE - openSUSE-SU-2013:0204

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697582


Last Updated: 27 May 2016 11:01:56