CVE-2013-0254

2013-02-0600:00:00

ubuntu.com

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before
4.7.6, and other versions including 4.4.0 uses weak permissions
(world-readable and world-writable) for shared memory segments, which
allows local users to read sensitive information or modify critical program
data, as demonstrated by reading a pixmap being sent to an X server.

Notes

Author	Note
seth-arnold	“forthcoming 4.8.5, and the 4.7.6 [releases]”

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchqt4-x11< 4:4.6.2-0ubuntu5.6UNKNOWN
ubuntu11.10noarchqt4-x11< 4:4.7.4-0ubuntu8.3UNKNOWN
ubuntu12.04noarchqt4-x11< 4:4.8.1-0ubuntu4.4UNKNOWN
ubuntu12.10noarchqt4-x11< 4:4.8.3+dfsg-0ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	qt4-x11	< 4:4.6.2-0ubuntu5.6	UNKNOWN
ubuntu	11.10	noarch	qt4-x11	< 4:4.7.4-0ubuntu8.3	UNKNOWN
ubuntu	12.04	noarch	qt4-x11	< 4:4.8.1-0ubuntu4.4	UNKNOWN
ubuntu	12.10	noarch	qt4-x11	< 4:4.8.3+dfsg-0ubuntu3.1	UNKNOWN