Red Hat Customer Portal

CVE-2013-0254

The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, which allows local users to read sensitive information or modify critical program data, as demonstrated by reading a pixmap being sent to an X server.

Details Source

Mitre

Public Date

2013-02-05 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-0254 qt: QSharedMemory class created shared memory segments with insecure permissions

Bugzilla ID

907425

CVSS Status

verified

Base Score

4.40

Base Metrics

AV:L/AC:M/Au:N/C:P/I:P/A:P

Acknowledgements

Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.

Red Hat Security Errata

Platform                           Errata          Release Date
Red Hat Enterprise Linux 6 (qt)    RHSA-2013:0669  2013-03-21

Affected Packages State

Platform                    Package  State
Red Hat Enterprise Linux 6  qt3      Not affected
Red Hat Enterprise Linux 5  qt       Not affected