ID B206DD82-AC67-11D9-A788-0001020EED82 Type freebsd Reporter FreeBSD Modified 2005-04-20T00:00:00
Description
AD-LAB reports that a heap-based buffer overflow
vulnerability exists in OpenOffice's handling of DOC
documents. When reading a DOC document 16 bit from a 32 bit
integer is used for memory allocation, but the full 32 bit
is used for further processing of the document. This can
allow an attacker to crash OpenOffice, or potentially
execute arbitrary code as the user running OpenOffice, by
tricking an user into opening a specially crafted DOC
document.
{"cve": [{"lastseen": "2017-10-11T11:06:11", "bulletinFamily": "NVD", "description": "The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.", "modified": "2017-10-10T21:30:01", "published": "2005-05-02T00:00:00", "id": "CVE-2005-0941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0941", "title": "CVE-2005-0941", "type": "cve", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-02-21T01:09:13", "bulletinFamily": "scanner", "description": "Updated openoffice.org packages are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.", "modified": "2018-11-10T00:00:00", "id": "CENTOS_RHSA-2005-375.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21813", "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : OpenOffice.org (CESA-2005:375)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:375 and \n# CentOS Errata and Security Advisory 2005:375 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21813);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2018/11/10 11:49:27\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_xref(name:\"RHSA\", value:\"2005:375\");\n\n script_name(english:\"CentOS 3 / 4 : OpenOffice.org (CESA-2005:375)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openoffice.org packages are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications such as a word processor, spreadsheet, presentation\nmanager, formula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC\nfile processor. An attacker could create a carefully crafted DOC file\nin such a way that it could cause OpenOffice.org to execute arbitrary\ncode when the file was opened by a victim. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated\npackages, which contain backported fixes for these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-April/011608.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c8ddcc4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-April/011611.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?77d82674\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-April/011612.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3e99c74c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected openoffice.org packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openoffice.org-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"openoffice.org-1.1.2-24.2.0.EL3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"openoffice.org-1.1.2-24.2.0.EL3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"openoffice.org-i18n-1.1.2-24.2.0.EL3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"openoffice.org-i18n-1.1.2-24.2.0.EL3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"i386\", reference:\"openoffice.org-libs-1.1.2-24.2.0.EL3\")) flag++;\nif (rpm_check(release:\"CentOS-3\", cpu:\"x86_64\", reference:\"openoffice.org-libs-1.1.2-24.2.0.EL3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openoffice.org-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openoffice.org-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openoffice.org-i18n-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openoffice.org-i18n-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openoffice.org-kde-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openoffice.org-kde-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"i386\", reference:\"openoffice.org-libs-1.1.2-24.6.0.EL4\")) flag++;\nif (rpm_check(release:\"CentOS-4\", cpu:\"x86_64\", reference:\"openoffice.org-libs-1.1.2-24.6.0.EL4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:32", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200504-13 (OpenOffice.Org: DOC document Heap Overflow)\n\n AD-LAB has discovered a heap overflow in the 'StgCompObjStream::Load()' function when processing DOC documents.\n Impact :\n\n An attacker could design a malicious DOC document containing a specially crafted header which, when processed by OpenOffice.Org, would result in the execution of arbitrary code with the rights of the user running the application.\n Workaround :\n\n There is no known workaround at this time.", "modified": "2018-12-18T00:00:00", "id": "GENTOO_GLSA-200504-13.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18060", "published": "2005-04-16T00:00:00", "title": "GLSA-200504-13 : OpenOffice.Org: DOC document Heap Overflow", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200504-13.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18060);\n script_version(\"1.17\");\n script_cvs_date(\"Date: 2018/12/18 10:18:58\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_xref(name:\"GLSA\", value:\"200504-13\");\n\n script_name(english:\"GLSA-200504-13 : OpenOffice.Org: DOC document Heap Overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200504-13\n(OpenOffice.Org: DOC document Heap Overflow)\n\n AD-LAB has discovered a heap overflow in the 'StgCompObjStream::Load()'\n function when processing DOC documents.\n \nImpact :\n\n An attacker could design a malicious DOC document containing a\n specially crafted header which, when processed by OpenOffice.Org, would\n result in the execution of arbitrary code with the rights of the user\n running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n # http://www.openoffice.org/issues/show_bug.cgi?id=46388\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bz.apache.org/ooo/show_bug.cgi?id=46388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200504-13\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All OpenOffice.Org users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/openoffice-1.1.4-r1'\n All OpenOffice.Org binary users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-1.1.4-r1'\n All OpenOffice.Org Ximian users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose app-office/openoffice-ximian\n Note to PPC users: There is no stable OpenOffice.Org fixed version for\n the PPC architecture. Affected users should switch to the latest\n OpenOffice.Org Ximian version.\n Note to SPARC users: There is no stable OpenOffice.Org fixed version\n for the SPARC architecture. Affected users should switch to the latest\n OpenOffice.Org Ximian version.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:openoffice-ximian\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/16\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-office/openoffice-ximian\", unaffected:make_list(\"ge 1.3.9-r1\", \"rge 1.3.6-r1\", \"rge 1.3.7-r1\"), vulnerable:make_list(\"lt 1.3.9-r1\"))) flag++;\nif (qpkg_check(package:\"app-office/openoffice-bin\", unaffected:make_list(\"ge 1.1.4-r1\"), vulnerable:make_list(\"lt 1.1.4-r1\"))) flag++;\nif (qpkg_check(package:\"app-office/openoffice\", unaffected:make_list(\"ge 1.1.4-r1\"), vulnerable:make_list(\"lt 1.1.4-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"OpenOffice.Org\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:32", "bulletinFamily": "scanner", "description": "Updated openoffice.org packages are now available.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nOpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.", "modified": "2018-12-20T00:00:00", "id": "REDHAT-RHSA-2005-375.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18129", "published": "2005-04-25T00:00:00", "title": "RHEL 3 / 4 : openoffice.org (RHSA-2005:375)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:375. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18129);\n script_version (\"1.24\");\n script_cvs_date(\"Date: 2018/12/20 11:08:45\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_xref(name:\"RHSA\", value:\"2005:375\");\n\n script_name(english:\"RHEL 3 / 4 : openoffice.org (RHSA-2005:375)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated openoffice.org packages are now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications such as a word processor, spreadsheet, presentation\nmanager, formula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC\nfile processor. An attacker could create a carefully crafted DOC file\nin such a way that it could cause OpenOffice.org to execute arbitrary\ncode when the file was opened by a victim. The Common Vulnerabilities\nand Exposures project (cve.mitre.org) has assigned the name\nCVE-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated\npackages, which contain backported fixes for these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0941\"\n );\n # http://www.openoffice.org/issues/show_bug.cgi?id=46388\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bz.apache.org/ooo/show_bug.cgi?id=46388\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:375\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openoffice.org-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:375\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-1.1.2-24.2.0.EL3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-i18n-1.1.2-24.2.0.EL3\")) flag++;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"openoffice.org-libs-1.1.2-24.2.0.EL3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openoffice.org-1.1.2-24.6.0.EL4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openoffice.org-i18n-1.1.2-24.6.0.EL4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openoffice.org-kde-1.1.2-24.6.0.EL4\")) flag++;\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"openoffice.org-libs-1.1.2-24.6.0.EL4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openoffice.org / openoffice.org-i18n / openoffice.org-kde / etc\");\n }\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:33", "bulletinFamily": "scanner", "description": "AD-LAB discovered a heap overflow in the StgCompObjStream::Load() function when OpenOffice.org processes DOC documents. If an attacker created a malicious DOC document that contained a specially crafted header, it could execute arbitrary code with the rights of the user running OpenOffice.org.\n\nThe updated packages have been patched to prevent this problem.", "modified": "2018-07-19T00:00:00", "id": "MANDRAKE_MDKSA-2005-082.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18236", "published": "2005-05-11T00:00:00", "title": "Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2005:082)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:082. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18236);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_xref(name:\"MDKSA\", value:\"2005:082\");\n\n script_name(english:\"Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2005:082)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"AD-LAB discovered a heap overflow in the StgCompObjStream::Load()\nfunction when OpenOffice.org processes DOC documents. If an attacker\ncreated a malicious DOC document that contained a specially crafted\nheader, it could execute arbitrary code with the rights of the user\nrunning OpenOffice.org.\n\nThe updated packages have been patched to prevent this problem.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.openoffice.org/issues/show_bug.cgi?id=46388\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-help-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:OpenOffice.org-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-cs-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-de-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-en-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-es-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-eu-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-fi-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-fr-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-it-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-ja-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-ko-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-nl-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-ru-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-sk-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-sl-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-sv-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_CN-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_TW-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-af-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ar-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ca-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-cs-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-cy-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-da-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-de-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-el-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-en-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-es-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-et-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-eu-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fi-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fr-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-he-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-hu-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-it-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ja-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ko-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nb-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nl-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nn-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ns-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pl-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt_BR-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ru-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sk-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sl-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sv-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-tr-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_CN-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_TW-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zu-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"OpenOffice.org-libs-1.1.3-2.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-cs-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-de-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-en-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-es-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-eu-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-fi-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-fr-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-it-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-ja-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-ko-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-nl-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-pt_BR-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-ru-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-sk-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-sl-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-sv-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-tr-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_CN-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-help-zh_TW-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-af-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ar-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ca-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-cs-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-cy-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-da-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-de-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-el-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-en-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-es-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-et-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-eu-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fi-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-fr-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-he-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-hu-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-it-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ja-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ko-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nb-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nl-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-nn-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ns-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pl-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-pt_BR-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-ru-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sk-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sl-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-sv-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-tr-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_CN-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zh_TW-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-l10n-zu-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"OpenOffice.org-libs-1.1.4-7.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:32", "bulletinFamily": "scanner", "description": "The remote host is missing the patch for the advisory SUSE-SA:2005:025 (OpenOffice_org).\n\n\nThis security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.\n\nThis is tracked by the Mitre CVE ID CVE-2005-0941.\n\n\nWARNING: The updated packages are very large for distributions before SUSE Linux 9.2 and 9.3.\n\nThe minimum download sizes for those are:\nSUSE Linux Desktop 1: 47 MB Novell Linux Desktop 9: 41 MB SUSE Linux 8.2: 37 MB SUSE Linux 9.0: 46 MB SUSE Linux 9.1: 50 MB SUSE Linux 9.2: 2.1 MB (using delta rpm) SUSE Linux 9.3: 3.5 MB (using delta rpm)", "modified": "2016-12-27T00:00:00", "id": "SUSE_SA_2005_025.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18096", "published": "2005-04-19T00:00:00", "title": "SUSE-SA:2005:025: OpenOffice_org", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:025\n#\n\n\nif ( ! defined_func(\"bn_random\") ) exit(0);\n\ninclude(\"compat.inc\");\n\nif(description)\n{\n script_id(18096);\n script_version (\"$Revision: 1.7 $\");\n script_cve_id(\"CVE-2005-0941\");\n \n name[\"english\"] = \"SUSE-SA:2005:025: OpenOffice_org\";\n \n script_name(english:name[\"english\"]);\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a vendor-supplied security patch\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing the patch for the advisory SUSE-SA:2005:025 (OpenOffice_org).\n\n\nThis security update fixes a buffer overflow in OpenOffice_org\nMicrosoft Word document reader which could allow a remote attacker\nsending a handcrafted .doc file to execute code as the user\nopening the document in OpenOffice.\n\nThis is tracked by the Mitre CVE ID CVE-2005-0941.\n\n\nWARNING: The updated packages are very large for distributions before\nSUSE Linux 9.2 and 9.3.\n\nThe minimum download sizes for those are:\nSUSE Linux Desktop 1: 47 MB\nNovell Linux Desktop 9: 41 MB\nSUSE Linux 8.2: 37 MB\nSUSE Linux 9.0: 46 MB\nSUSE Linux 9.1: 50 MB\nSUSE Linux 9.2: 2.1 MB (using delta rpm)\nSUSE Linux 9.3: 3.5 MB (using delta rpm)\" );\n script_set_attribute(attribute:\"solution\", value:\n\"http://www.suse.de/security/advisories/2005_25_openoffice_org.html\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n\n\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2005/04/19\");\n script_cvs_date(\"$Date: 2016/12/27 20:14:33 $\");\n script_end_attributes();\n\n \n summary[\"english\"] = \"Check for the version of the OpenOffice_org package\";\n script_summary(english:summary[\"english\"]);\n \n script_category(ACT_GATHER_INFO);\n \n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n family[\"english\"] = \"SuSE Local Security Checks\";\n script_family(english:family[\"english\"]);\n \n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/SuSE/rpm-list\");\n exit(0);\n}\n\ninclude(\"rpm.inc\");\nif ( rpm_check( reference:\"OpenOffice_org-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-cs-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-help-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-es-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fr-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-hu-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-it-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-nl-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sv-1.0.2-76\", release:\"SUSE8.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ar-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-cs-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-da-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-el-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-help-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-es-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fr-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-hu-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-it-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ja-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ko-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-nl-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pl-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pt-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ru-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sk-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sv-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-tr-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-CN-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-TW-1.1-100\", release:\"SUSE9.0\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ar-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-cs-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-da-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-el-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-help-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-es-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-et-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fr-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-hu-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-it-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ja-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ko-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-nl-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pl-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pt-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ru-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sk-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sl-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sv-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-tr-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-CN-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-TW-1.1.1-23.6\", release:\"SUSE9.1\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ar-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ca-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-cs-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-da-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-el-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-en-help-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-es-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-et-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fi-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fr-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-gnome-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-hu-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-it-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ja-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-kde-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ko-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-nl-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pl-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pt-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ru-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sk-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sl-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sv-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-tr-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-CN-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-TW-1.1.3-16.2\", release:\"SUSE9.2\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ar-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ca-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-cs-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-da-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-de-templates-8.2-157\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-el-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-es-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-et-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fi-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-fr-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-gnome-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-hu-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-it-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ja-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-kde-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ko-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-nl-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pl-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-pt-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-ru-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sk-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sl-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-sv-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-tr-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-CN-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif ( rpm_check( reference:\"OpenOffice_org-zh-TW-1.9.79-9.2\", release:\"SUSE9.3\") )\n{\n security_warning(0);\n exit(0);\n}\nif (rpm_exists(rpm:\"OpenOffice_org-\", release:\"SUSE8.2\")\n || rpm_exists(rpm:\"OpenOffice_org-\", release:\"SUSE9.0\")\n || rpm_exists(rpm:\"OpenOffice_org-\", release:\"SUSE9.1\")\n || rpm_exists(rpm:\"OpenOffice_org-\", release:\"SUSE9.2\")\n || rpm_exists(rpm:\"OpenOffice_org-\", release:\"SUSE9.3\") )\n{\n set_kb_item(name:\"CVE-2005-0941\", value:TRUE);\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:40", "bulletinFamily": "scanner", "description": "AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker to crash OpenOffice, or potentially execute arbitrary code as the user running OpenOffice, by tricking an user into opening a specially crafted DOC document.", "modified": "2018-12-19T00:00:00", "id": "FREEBSD_PKG_B206DD82AC6711D9A7880001020EED82.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19084", "published": "2005-07-13T00:00:00", "title": "FreeBSD : openoffice -- DOC document heap overflow vulnerability (b206dd82-ac67-11d9-a788-0001020eed82)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19084);\n script_version(\"1.19\");\n script_cvs_date(\"Date: 2018/12/19 13:21:17\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_bugtraq_id(13092);\n\n script_name(english:\"FreeBSD : openoffice -- DOC document heap overflow vulnerability (b206dd82-ac67-11d9-a788-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"AD-LAB reports that a heap-based buffer overflow vulnerability exists\nin OpenOffice's handling of DOC documents. When reading a DOC document\n16 bit from a 32 bit integer is used for memory allocation, but the\nfull 32 bit is used for further processing of the document. This can\nallow an attacker to crash OpenOffice, or potentially execute\narbitrary code as the user running OpenOffice, by tricking an user\ninto opening a specially crafted DOC document.\"\n );\n # http://marc.theaimsgroup.com/?l=bugtraq&m=111325305109137\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://marc.info/?l=bugtraq&m=111325305109137\"\n );\n # http://www.openoffice.org/issues/show_bug.cgi?id=46388\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bz.apache.org/ooo/show_bug.cgi?id=46388\"\n );\n # https://vuxml.freebsd.org/freebsd/b206dd82-ac67-11d9-a788-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6423d82a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ar-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ca-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:cs-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:de-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:dk-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:el-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:es-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:et-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fi-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:fr-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gr-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:hu-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:it-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:jp-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:kr-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:nl-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pl-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pt-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:pt_BR-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:se-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sk-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sl-openoffice-SI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sl-openoffice-SL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:tr-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-openoffice-CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh-openoffice-TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:zh_TW-openoffice\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/04/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ar-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ar-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ca-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ca-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"cs-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"cs-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"de-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"dk-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"dk-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"el-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"el-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"es-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"es-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"et-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"et-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fi-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fi-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"fr-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gr-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gr-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"hu-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"hu-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"it-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"it-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nl-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"nl-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pl-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pl-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt_BR-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"pt_BR-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"se-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"se-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sk-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sk-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sl-openoffice-SI<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sl-openoffice-SI>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tr-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"tr-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice-CN<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice-CN>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice-TW<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice-TW>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"jp-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"jp-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"kr-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"kr-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sl-openoffice-SL<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"sl-openoffice-SL>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh_TW-openoffice<1.1.4_2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"zh_TW-openoffice>2.*<=2.0.20050406\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openoffice>=6.0.a609<=6.0.a638\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openoffice>=641c<=645\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openoffice=1.1RC4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openoffice=1.1rc5\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice>=6.0.a609<=6.0.a638\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice>=641c<=645\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice=1.1RC4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-openoffice=1.1rc5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-02-21T01:08:55", "bulletinFamily": "scanner", "description": "The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.\n\nThe update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The 'openoffice.org-l10n-xh' package now contains actual Xhosa translations (the previous version just shipped English strings).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-05-26T00:00:00", "id": "UBUNTU_USN-121-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20510", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : openoffice.org vulnerability (USN-121-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-121-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20510);\n script_version(\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/05/26 16:14:09 $\");\n\n script_cve_id(\"CVE-2005-0941\");\n script_xref(name:\"USN\", value:\"121-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : openoffice.org vulnerability (USN-121-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The StgCompObjStream::Load() failed to check the validity of a length\nfield in documents. If an attacker tricked a user to open a specially\ncrafted OpenOffice file, this triggered a buffer overflow which could\nlead to arbitrary code execution with the privileges of the user\nopening the document.\n\nThe update for Ubuntu 5.04 (Hoary Hedgehog) also contains a\ntranslation update: The 'openoffice.org-l10n-xh' package now contains\nactual Xhosa translations (the previous version just shipped English\nstrings).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-bin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-crashrep\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-gtk-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-kde\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-cy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-en\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-nb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-pt-br\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-xh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-zh-cn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-zh-tw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-l10n-zu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-mimelnk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-thesaurus-en-us\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ttf-opensymbol\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2016 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-bin\", pkgver:\"1.1.2-2ubuntu6.1-1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-crashrep\", pkgver:\"1.1.2-2ubuntu6.1-1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-af\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ar\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ca\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-cs\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-cy\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-da\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-de\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-el\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-en\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-es\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-et\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-fi\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-fr\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-he\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-hi\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-hu\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-it\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ja\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ko\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-nb\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-nl\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-nn\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ns\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-pl\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-pt\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-pt-br\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-ru\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-sk\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-sl\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-sv\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-th\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-tr\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-zh-cn\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-zh-tw\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-l10n-zu\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-mimelnk\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"openoffice.org-thesaurus-en-us\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"ttf-opensymbol\", pkgver:\"1.1.2-2ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-bin\", pkgver:\"1.1.3-8ubuntu2.3-1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-gtk-gnome\", pkgver:\"1.1.3-8ubuntu2.3-1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-kde\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-af\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ar\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ca\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-cs\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-cy\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-da\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-de\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-el\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-en\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-es\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-et\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-eu\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-fi\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-fr\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-gl\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-he\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-hi\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-hu\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-it\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ja\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-kn\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ko\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-lt\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-nb\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-nl\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-nn\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ns\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-pl\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-pt\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-pt-br\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-ru\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-sk\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-sl\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-sv\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-th\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-tr\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-xh\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-zh-cn\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-zh-tw\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-l10n-zu\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"openoffice.org-thesaurus-en-us\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"ttf-opensymbol\", pkgver:\"1.1.3-8ubuntu2.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openoffice.org / openoffice.org-bin / openoffice.org-crashrep / etc\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:50", "bulletinFamily": "unix", "description": "The StgCompObjStream::Load() failed to check the validity of a length field in documents. If an attacker tricked a user to open a specially crafted OpenOffice file, this triggered a buffer overflow which could lead to arbitrary code execution with the privileges of the user opening the document.\n\nThe update for Ubuntu 5.04 (Hoary Hedgehog) also contains a translation update: The \u201copenoffice.org-l10n-xh\u201d package now contains actual Xhosa translations (the previous version just shipped English strings).", "modified": "2005-05-06T00:00:00", "published": "2005-05-06T00:00:00", "id": "USN-121-1", "href": "https://usn.ubuntu.com/121-1/", "title": "OpenOffice.org vulnerability", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:43:03", "bulletinFamily": "unix", "description": "This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.\n#### Solution\nInstall the updated packages. A possible workaround is to not open .DOC files from untrusted sources.", "modified": "2005-04-19T13:07:31", "published": "2005-04-19T13:07:31", "id": "SUSE-SA:2005:025", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-04/msg00017.html", "type": "suse", "title": "remote code execution in OpenOffice_org", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:59", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200504-13.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54915", "id": "OPENVAS:54915", "title": "Gentoo Security Advisory GLSA 200504-13 (OpenOffice)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"OpenOffice.Org is vulnerable to a heap overflow when processing DOC\ndocuments, which could lead to arbitrary code execution.\";\ntag_solution = \"All OpenOffice.Org users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/openoffice-1.1.4-r1'\n\nAll OpenOffice.Org binary users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose\n'>=app-office/openoffice-bin-1.1.4-r1'\n\nAll OpenOffice.Org Ximian users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose app-office/openoffice-ximian\n\nNote to PPC users: There is no stable OpenOffice.Org fixed version for the\nPPC architecture. Affected users should switch to the latest\nOpenOffice.Org Ximian version.\n\nNote to SPARC users: There is no stable OpenOffice.Org fixed version for\nthe SPARC architecture. Affected users should switch to the latest\nOpenOffice.Org Ximian version.\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200504-13\nhttp://bugs.gentoo.org/show_bug.cgi?id=88863\nhttp://www.openoffice.org/issues/show_bug.cgi?id=46388\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200504-13.\";\n\n \n\nif(description)\n{\n script_id(54915);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(13092);\n script_cve_id(\"CVE-2005-0941\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200504-13 (OpenOffice)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-office/openoffice\", unaffected: make_list(\"ge 1.1.4-r1\"), vulnerable: make_list(\"lt 1.1.4-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice-bin\", unaffected: make_list(\"ge 1.1.4-r1\"), vulnerable: make_list(\"lt 1.1.4-r1\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"app-office/openoffice-ximian\", unaffected: make_list(\"ge 1.3.9-r1\", \"rge 1.3.6-r1\", \"rge 1.3.7-r1\"), vulnerable: make_list(\"lt 1.3.9-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-26T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52138", "id": "OPENVAS:52138", "title": "openoffice -- DOC document heap overflow vulnerability", "type": "openvas", "sourceData": "#\n#VID b206dd82-ac67-11d9-a788-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n openoffice ar-openoffice ca-openoffice cs-openoffice de-openoffice\n dk-openoffice el-openoffice es-openoffice et-openoffice fi-openoffice\n fr-openoffice gr-openoffice hu-openoffice it-openoffice ja-openoffice\n ko-openoffice nl-openoffice pl-openoffice pt-openoffice pt_BR-openoffice\n ru-openoffice se-openoffice sk-openoffice sl-openoffice-SI tr-openoffice\n zh-openoffice-CN zh-openoffice-TW jp-openoffice kr-openoffice\n sl-openoffice-SL zh-openoffice zh_TW-openoffice\n\nCVE-2005-0941\nThe StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4\nand earlier allocates memory based on 16 bit length values, but\nprocess memory using 32 bit values, which allows remote attackers to\ncause a denial of service and possibly execute arbitrary code via a\nDOC document with certain length values, which leads to a heap-based\nbuffer overflow.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.openoffice.org/issues/show_bug.cgi?id=46388\nhttp://marc.theaimsgroup.com/?l=bugtraq&m=111325305109137\nhttp://www.vuxml.org/freebsd/b206dd82-ac67-11d9-a788-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52138);\n script_version(\"$Revision: 4144 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-26 07:28:56 +0200 (Mon, 26 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0941\");\n script_bugtraq_id(13092);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"openoffice -- DOC document heap overflow vulnerability\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ar-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package ar-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package ar-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ca-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package ca-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package ca-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"cs-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package cs-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package cs-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"de-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package de-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package de-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"dk-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package dk-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package dk-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"el-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package el-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package el-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"es-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package es-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package es-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"et-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package et-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package et-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fi-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package fi-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package fi-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"fr-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package fr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package fr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"gr-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package gr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package gr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"hu-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package hu-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package hu-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"it-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package it-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package it-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ko-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package ko-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package ko-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"nl-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package nl-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package nl-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pl-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package pl-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package pl-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pt-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package pt-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package pt-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"pt_BR-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package pt_BR-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package pt_BR-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package ru-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package ru-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"se-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package se-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package se-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"sk-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package sk-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package sk-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"sl-openoffice-SI\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package sl-openoffice-SI version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package sl-openoffice-SI version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"tr-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package tr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package tr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zh-openoffice-CN\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package zh-openoffice-CN version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package zh-openoffice-CN version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zh-openoffice-TW\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package zh-openoffice-TW version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package zh-openoffice-TW version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"jp-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package jp-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package jp-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"kr-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package kr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package kr-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"sl-openoffice-SL\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package sl-openoffice-SL version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package sl-openoffice-SL version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zh-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package zh-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package zh-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"zh_TW-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4_2\")<0) {\n txt += 'Package zh_TW-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"2\")>0 && revcomp(a:bver, b:\"2.0.20050406\")<=0) {\n txt += 'Package zh_TW-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.a609\")>=0 && revcomp(a:bver, b:\"6.0.a638\")<=0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"641c\")>=0 && revcomp(a:bver, b:\"645\")<=0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1RC4\")==0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1rc5\")==0) {\n txt += 'Package openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-openoffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"6.0.a609\")>=0 && revcomp(a:bver, b:\"6.0.a638\")<=0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"641c\")>=0 && revcomp(a:bver, b:\"645\")<=0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1RC4\")==0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1rc5\")==0) {\n txt += 'Package ja-openoffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:11", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.openoffice.org\nVendor Specific News/Changelog Entry: http://www.openoffice.org/issues/show_bug.cgi?id=46388\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2005-Apr/0007.html)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2005-Sep/0012.html)\nSecurity Tracker: 1013680\n[Secunia Advisory ID:14912](https://secuniaresearch.flexerasoftware.com/advisories/14912/)\n[Secunia Advisory ID:15111](https://secuniaresearch.flexerasoftware.com/advisories/15111/)\n[Secunia Advisory ID:15256](https://secuniaresearch.flexerasoftware.com/advisories/15256/)\n[Secunia Advisory ID:17027](https://secuniaresearch.flexerasoftware.com/advisories/17027/)\n[Secunia Advisory ID:14995](https://secuniaresearch.flexerasoftware.com/advisories/14995/)\n[Secunia Advisory ID:14963](https://secuniaresearch.flexerasoftware.com/advisories/14963/)\n[Secunia Advisory ID:14983](https://secuniaresearch.flexerasoftware.com/advisories/14983/)\n[Secunia Advisory ID:15283](https://secuniaresearch.flexerasoftware.com/advisories/15283/)\nOther Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-375.html\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:082\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200504-13.xml\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-121-1\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0218.html\nKeyword: AD_LAB-05001\n[CVE-2005-0941](https://vulners.com/cve/CVE-2005-0941)\n", "modified": "2005-03-30T02:40:47", "published": "2005-03-30T02:40:47", "href": "https://vulners.com/osvdb/OSVDB:15491", "id": "OSVDB:15491", "title": "OpenOffice DOC Processing StgCompObjStream::Load() Function Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "centos": [{"lastseen": "2017-10-12T14:46:36", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:375\n\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications such as a word processor, spreadsheet, presentation manager,\nformula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC file\nprocessor. An attacker could create a carefully crafted DOC file in such a\nway that it could cause OpenOffice.org to execute arbitrary code when the\nfile was opened by a victim. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated\npackages, which contain backported fixes for these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011608.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011611.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-April/011612.html\n\n**Affected packages:**\nopenoffice.org\nopenoffice.org-i18n\nopenoffice.org-kde\nopenoffice.org-libs\n\n**Upstream details at:**\n", "modified": "2005-04-27T06:37:59", "published": "2005-04-26T21:44:18", "href": "http://lists.centos.org/pipermail/centos-announce/2005-April/011608.html", "id": "CESA-2005:375", "title": "openoffice.org security update", "type": "centos", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:12", "bulletinFamily": "software", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nOpenOffice DOC document Heap Overflow\r\n[Security Advisory]\r\n\r\nAdvisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow\r\nClass: Design Error\r\nDATE:30/3/2005\r\nCVEID:CAN-2005-0941\r\nVulnerable:\r\n <=OpenOffice OpenOffice 1.1.4\r\n -OpenOffice OpenOffice 2.0dev\r\n\r\nUnvulnerable:\r\n Unknow\r\nVendor:\r\n www.openoffice.org\r\n\r\nI.DESCRIPTION:\r\n- -------------\r\n OpenOffice.org is an office productivity suite, including word\r\nprocessing, spreadsheets, presentations, drawings, data charting,\r\nformula editing, and file conversion facilities.\r\nThe vulnerability is caused due to a error within the .Doc document header\r\nprocessing.This can be exploited to cause a heap-based buffer overflow.\r\n\r\nII.DETAILS:\r\n- ----------\r\n There is a vulnerability in StgCompObjStream::Load() function,\r\nWhen reading DOC document information of format,memory is allocated by\r\nDOC provide length.\r\nDOC provided a 32 bits integer,and will use the low 16 bits of this\r\nnumber to allocate memory,\r\nbut when reading doc information,still use the 32 bits number as\r\nlength,this maybe cause heap\r\noverflow, and when free happened ,will cause write pointer,maybe cause\r\narbitrary code excute .\r\n\r\nBOOL StgCompObjStream::Load()\r\n{\r\n memset( &aClsId, 0, sizeof( ClsId ) );\r\n nCbFormat = 0;\r\n aUserName.Erase();\r\n if( GetError() != SVSTREAM_OK )\r\n return FALSE;\r\n Seek( 8L );\r\n INT32 nMarker = 0;\r\n *this >> nMarker;\r\n if( nMarker == -1L )\r\n {\r\n *this >> aClsId;\r\n INT32 nLen1 = 0;\r\n *this >> nLen1; // we can control this 32 bits int\r\n sal_Char* p = new sal_Char[ (USHORT) nLen1 ]; //use low 16 bits\r\nvalue to allocate memory\r\n if( Read( p, nLen1 ) == (ULONG) nLen1 ) //still use 32 bits int\r\n as length,if failed,\r\n // will goto free step,maybe cause write\r\npointer.\r\n {\r\n aUserName = String( p, gsl_getSystemTextEncoding() );\r\n ....\r\n nCbFormat = ReadClipboardFormat( *this );\r\n }\r\n else\r\n SetError( SVSTREAM_GENERALERROR );\r\n delete [] p; //free step,heap overflow cause write pointer.\r\n }\r\n return BOOL( GetError() == SVSTREAM_OK );\r\n}\r\nexample:\r\n if we provide 0x10000018 to nLen1,will allocate 0x18 length memory,\r\n Read( p, nLen1 ) still use 0x10000018 as length,then, read will fail,\r\n but readed length is bigger than allocated memory,and overwrite the\r\nnext chunk.\r\nwhen goto delete [] p;,write pointer happened. we had triggered this\r\nproblem successful.\r\n StartOffice maybe affected too. did not test.\r\n\r\n\r\nIII.CREDIT:\r\n- ----------\r\n AD-LAB discovery this vuln:)\r\nVulnerability analysis and advisory by A1rsupp1y.\r\nSpecial thanks to xalan's discussion.\r\nThank to Sam,icbm,liangbin and all Venustech AD-Lab guys:P.\r\n\r\n\r\n\r\nV.DISCLAIMS:\r\n- -----------\r\n\r\nThe information in this bulletin is provided "AS IS" without warranty of any\r\nkind. In no event shall we be liable for any damages whatsoever\r\nincluding direct,\r\nindirect, incidental, consequential, loss of business profits or special\r\ndamages.\r\n\r\nCopyright 1996-2005 VENUSTECH. All Rights Reserved. Terms of use.\r\n\r\nVENUSTECH Security Lab\r\nVENUSTECH INFORMATION TECHNOLOGY CO.,LTD(http://www.venustech.com.cn)\r\n\r\nSecurity\r\nTrusted {Solution} Provider\r\nService\r\n\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.2.4 (GNU/Linux)\r\nComment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org\r\n\r\niD8DBQFCWpCW45qy6oo73eIRAva9AJ9PUOf0jENyJYaJym+bm8/nl5i9TwCeJdz2\r\njBhYvm+GdDABp2dW1mXiPkY=\r\n=nQrL\r\n-----END PGP SIGNATURE-----\r\n_______________________________________________\r\nFull-Disclosure - We believe in it.\r\nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\r\nHosted and sponsored by Secunia - http://secunia.com/", "modified": "2005-04-11T00:00:00", "published": "2005-04-11T00:00:00", "id": "SECURITYVULNS:DOC:8283", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:8283", "title": "[Full-disclosure] OpenOffice DOC document Heap Overflow", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "description": "### Background\n\nOpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. \n\n### Description\n\nAD-LAB has discovered a heap overflow in the \"StgCompObjStream::Load()\" function when processing DOC documents. \n\n### Impact\n\nAn attacker could design a malicious DOC document containing a specially crafted header which, when processed by OpenOffice.Org, would result in the execution of arbitrary code with the rights of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll OpenOffice.Org users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/openoffice-1.1.4-r1\"\n\nAll OpenOffice.Org binary users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/openoffice-bin-1.1.4-r1\"\n\nAll OpenOffice.Org Ximian users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose app-office/openoffice-ximian\n\nNote to PPC users: There is no stable OpenOffice.Org fixed version for the PPC architecture. Affected users should switch to the latest OpenOffice.Org Ximian version. \n\nNote to SPARC users: There is no stable OpenOffice.Org fixed version for the SPARC architecture. Affected users should switch to the latest OpenOffice.Org Ximian version.", "modified": "2005-05-08T00:00:00", "published": "2005-04-15T00:00:00", "id": "GLSA-200504-13", "href": "https://security.gentoo.org/glsa/200504-13", "type": "gentoo", "title": "OpenOffice.Org: DOC document Heap Overflow", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "redhat": [{"lastseen": "2018-12-11T17:44:57", "bulletinFamily": "unix", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications such as a word processor, spreadsheet, presentation manager,\nformula editor, and drawing program.\n\nA heap based buffer overflow bug was found in the OpenOffice.org DOC file\nprocessor. An attacker could create a carefully crafted DOC file in such a\nway that it could cause OpenOffice.org to execute arbitrary code when the\nfile was opened by a victim. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.\n\nAll users of OpenOffice.org are advised to upgrade to these updated\npackages, which contain backported fixes for these issues.", "modified": "2017-09-08T12:09:39", "published": "2005-04-25T04:00:00", "id": "RHSA-2005:375", "href": "https://access.redhat.com/errata/RHSA-2005:375", "type": "redhat", "title": "(RHSA-2005:375) openoffice.org security update", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
