Red Hat Bugzilla – Bug 611086
CVE-2010-2621 Qt (QSslSocketBackendPrivate): DoS (infinite loop) via malformed request
Last modified: 2016-03-04 07:21:20 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-2621 to the following vulnerability: The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2621 [2] http://aluigi.altervista.org/adv/qtsslame-adv.txt [3] http://aluigi.org/poc/qtsslame.zip [4] http://www.securityfocus.com/bid/41250 [5] http://osvdb.org/65860 [6] http://secunia.com/advisories/40389 [7] http://www.vupen.com/english/advisories/2010/1657
This looks to be the fix for this issue: http://qt.gitorious.org/qt/qt/commit/f7fe575bc5f628533aeeca3eb564af89a1a1426b However, it was also reported that this fix causes a regression with peer certificate validation when used with openssl >= 0.9.8n: http://bugreports.qt.nokia.com/browse/QTBUG-7200 http://sourceforge.net/mailarchive/forum.php?thread_name=4C3F8BC6.9030303%40natvig.com&forum_name=mumble-packaging So this fix would work for us in those products that use an older openssl, but not in Fedora. I think it would be better to wait for a better fix. Noted via Ludwig Nussel: http://article.gmane.org/gmane.comp.security.oss.general/3198
This issue did not affect the versions of qt as shipped with Red Hat Enterprise Linux 3, 4 and 5 as it does not provide ssl socket support.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.