Search...

GLSA-200509-20 : AbiWord: RTF import stack-based buffer overflow

2005-10-05T00:00:00

ID GENTOO_GLSA-200509-20.NASL
Type nessus
Reporter This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.
Modified 2005-10-05T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-200509-20 (AbiWord: RTF import stack-based buffer overflow)

Chris Evans discovered that the RTF import function in AbiWord is
vulnerable to a stack-based buffer overflow.

Impact :

An attacker could design a malicious RTF file and entice the user
to import it in AbiWord, potentially resulting in the execution of
arbitrary code with the rights of the user running AbiWord.

Workaround :

There is no known workaround at this time.

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200509-20.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19819);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2964");
  script_xref(name:"GLSA", value:"200509-20");

  script_name(english:"GLSA-200509-20 : AbiWord: RTF import stack-based buffer overflow");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200509-20
(AbiWord: RTF import stack-based buffer overflow)

    Chris Evans discovered that the RTF import function in AbiWord is
    vulnerable to a stack-based buffer overflow.
  
Impact :

    An attacker could design a malicious RTF file and entice the user
    to import it in AbiWord, potentially resulting in the execution of
    arbitrary code with the rights of the user running AbiWord.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200509-20"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All AbiWord users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '&gt;=app-office/abiword-2.2.10'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:abiword");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/05");
  script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/29");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"app-office/abiword", unaffected:make_list("ge 2.2.10"), vulnerable:make_list("lt 2.2.10"))) flag++;

if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "AbiWord");
}

JSON Vulners Source

Initial Source

{"id": "GENTOO_GLSA-200509-20.NASL", "bulletinFamily": "scanner", "title": "GLSA-200509-20 : AbiWord: RTF import stack-based buffer overflow", "description": "The remote host is affected by the vulnerability described in GLSA-200509-20\n(AbiWord: RTF import stack-based buffer overflow)\n\n Chris Evans discovered that the RTF import function in AbiWord is\n vulnerable to a stack-based buffer overflow.\n \nImpact :\n\n An attacker could design a malicious RTF file and entice the user\n to import it in AbiWord, potentially resulting in the execution of\n arbitrary code with the rights of the user running AbiWord.\n \nWorkaround :\n\n There is no known workaround at this time.", "published": "2005-10-05T00:00:00", "modified": "2005-10-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/19819", "reporter": "This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/200509-20"], "cvelist": ["CVE-2005-2964"], "type": "nessus", "lastseen": "2021-01-07T10:51:59", "edition": 24, "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-2964"]}, {"type": "ubuntu", "idList": ["USN-188-1"]}, {"type": "gentoo", "idList": ["GLSA-200509-20"]}, {"type": "osvdb", "idList": ["OSVDB:19717"]}, {"type": "openvas", "idList": ["OPENVAS:56317", "OPENVAS:55875", "OPENVAS:55502"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:9829"]}, {"type": "nessus", "idList": ["UBUNTU_USN-188-1.NASL", "DEBIAN_DSA-894.NASL"]}, {"type": "debian", "idList": ["DEBIAN:DSA-894-1:35D0B"]}], "modified": "2021-01-07T10:51:59", "rev": 2}, "score": {"value": 7.2, "vector": "NONE", "modified": "2021-01-07T10:51:59", "rev": 2}, "vulnersScore": 7.2}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200509-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19819);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-2964\");\n script_xref(name:\"GLSA\", value:\"200509-20\");\n\n script_name(english:\"GLSA-200509-20 : AbiWord: RTF import stack-based buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200509-20\n(AbiWord: RTF import stack-based buffer overflow)\n\n Chris Evans discovered that the RTF import function in AbiWord is\n vulnerable to a stack-based buffer overflow.\n \nImpact :\n\n An attacker could design a malicious RTF file and entice the user\n to import it in AbiWord, potentially resulting in the execution of\n arbitrary code with the rights of the user running AbiWord.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200509-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All AbiWord users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/abiword-2.2.10'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:abiword\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-office/abiword\", unaffected:make_list(\"ge 2.2.10\"), vulnerable:make_list(\"lt 2.2.10\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"AbiWord\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "19819", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:abiword"], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:24:38", "description": "Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism.", "edition": 6, "cvss3": {}, "published": "2005-09-28T21:03:00", "title": "CVE-2005-2964", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2005-2964"], "modified": "2017-07-11T01:33:00", "cpe": ["cpe:/a:abisource:community_abiword:2.2.9"], "id": "CVE-2005-2964", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2964", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:abisource:community_abiword:2.2.9:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-09T19:40:37", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2964"], "description": "Chris Evans discovered a buffer overflow in the RTF import module of \nAbiWord. By tricking a user into opening an RTF file with specially \ncrafted long identifiers, an attacker could exploit this to execute \narbitrary code with the privileges of the AbiWord user.", "edition": 5, "modified": "2005-09-29T00:00:00", "published": "2005-09-29T00:00:00", "id": "USN-188-1", "href": "https://ubuntu.com/security/notices/USN-188-1", "title": "AbiWord vulnerability", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2964"], "edition": 1, "description": "### Background\n\nAbiWord is a free and cross-platform word processing program. It allows to import RTF files into AbiWord documents. \n\n### Description\n\nChris Evans discovered that the RTF import function in AbiWord is vulnerable to a stack-based buffer overflow. \n\n### Impact\n\nAn attacker could design a malicious RTF file and entice the user to import it in AbiWord, potentially resulting in the execution of arbitrary code with the rights of the user running AbiWord. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll AbiWord users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/abiword-2.2.10\"", "modified": "2005-09-30T00:00:00", "published": "2005-09-30T00:00:00", "id": "GLSA-200509-20", "href": "https://security.gentoo.org/glsa/200509-20", "type": "gentoo", "title": "AbiWord: RTF import stack-based buffer overflow", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:16", "bulletinFamily": "software", "cvelist": ["CVE-2005-2964"], "edition": 1, "description": "## Vulnerability Description\nA local buffer overflow exists in Abiword. The RTF importer fails to properly bound check user-supplied data resulting in a stack buffer overflow. With a specially crafted RTF file, an attacker can execute arbitrary code resulting in a loss of confidentiality.\n## Solution Description\nUpgrade to version 2.2.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA local buffer overflow exists in Abiword. The RTF importer fails to properly bound check user-supplied data resulting in a stack buffer overflow. With a specially crafted RTF file, an attacker can execute arbitrary code resulting in a loss of confidentiality.\n## References:\n[Vendor Specific Advisory URL](http://www.debian.org/security/2005/dsa-894)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml)\nSecurity Tracker: 1014982\n[Secunia Advisory ID:17012](https://secuniaresearch.flexerasoftware.com/advisories/17012/)\n[Secunia Advisory ID:17052](https://secuniaresearch.flexerasoftware.com/advisories/17052/)\n[Secunia Advisory ID:16982](https://secuniaresearch.flexerasoftware.com/advisories/16982/)\n[Secunia Advisory ID:16990](https://secuniaresearch.flexerasoftware.com/advisories/16990/)\n[Secunia Advisory ID:17215](https://secuniaresearch.flexerasoftware.com/advisories/17215/)\n[Secunia Advisory ID:17551](https://secuniaresearch.flexerasoftware.com/advisories/17551/)\nOther Advisory URL: http://www.abisource.com/changelogs/2.2.10.phtml\nOther Advisory URL: http://www.ubuntu.com/usn/usn-188-1\n[CVE-2005-2964](https://vulners.com/cve/CVE-2005-2964)\nBugtraq ID: 14971\n", "modified": "2005-09-29T05:17:01", "published": "2005-09-29T05:17:01", "href": "https://vulners.com/osvdb/OSVDB:19717", "id": "OSVDB:19717", "title": "AbiWord RTF Document Importer Overflow", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2964"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200509-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:55502", "href": "http://plugins.openvas.org/nasl.php?oid=55502", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200509-20 (AbiWord)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"AbiWord is vulnerable to a stack-based buffer overflow during RTF import,\nmaking it vulnerable to the execution of arbitrary code.\";\ntag_solution = \"All AbiWord users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-office/abiword-2.2.10'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200509-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=107351\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200509-20.\";\n\n \n\nif(description)\n{\n script_id(55502);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_bugtraq_id(14971);\n script_cve_id(\"CVE-2005-2964\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200509-20 (AbiWord)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-office/abiword\", unaffected: make_list(\"ge 2.2.10\"), vulnerable: make_list(\"lt 2.2.10\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2972", "CVE-2005-2964"], "description": "The remote host is missing an update to abiword\nannounced via advisory DSA 894-1.\n\nChris Evans discoverd several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2.\nOpening a specially crafted RTF file could lead to the execution of\narbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.0.2+cvs.2002.06.05-1woody3.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "id": "OPENVAS:55875", "href": "http://plugins.openvas.org/nasl.php?oid=55875", "type": "openvas", "title": "Debian Security Advisory DSA 894-1 (abiword)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_894_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 894-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) these problems have been fixed in\nversion 2.2.7-3sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.2.10-1.\n\nWe recommend that you upgrade your abiword package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20894-1\";\ntag_summary = \"The remote host is missing an update to abiword\nannounced via advisory DSA 894-1.\n\nChris Evans discoverd several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2.\nOpening a specially crafted RTF file could lead to the execution of\narbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.0.2+cvs.2002.06.05-1woody3.\";\n\n\nif(description)\n{\n script_id(55875);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:03:37 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2005-2964\", \"CVE-2005-2972\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Debian Security Advisory DSA 894-1 (abiword)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"abiword-doc\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-abi\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-common\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-gnome\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-gtk\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-plugins\", ver:\"1.0.2+cvs.2002.06.05-1woody3\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-common\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-doc\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-help\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"xfonts-abi\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-gnome\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-plugins\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"abiword-plugins-gnome\", ver:\"2.2.7-3sarge2\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2972", "CVE-2005-2964"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:56317", "href": "http://plugins.openvas.org/nasl.php?oid=56317", "type": "openvas", "title": "FreeBSD Ports: koffice", "sourceData": "#\n#VID 9cd52bc6-a213-11da-b410-000e0c2e438a\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n koffice\n abiword\n\nCVE-2005-2972\nMultiple stack-based buffer overflows in the RTF import feature in\nAbiWord before 2.2.11 allow user-complicit attackers to execute\narbitrary code via an RTF file with long identifiers, which are not\nproperly handled in the (1) ParseLevelText, (2) getCharsInsideBrace,\n(3) HandleLists, (4) or (5) HandleAbiLists functions in\nie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://scary.beasts.org/security/CESA-2005-006.txt\nhttp://www.abisource.com/changelogs/2.2.11.phtml\nhttp://www.kde.org/info/security/advisory-20051011-1.txt\nhttp://www.vuxml.org/freebsd/9cd52bc6-a213-11da-b410-000e0c2e438a.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(56317);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-2972\");\n script_bugtraq_id(15096);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: koffice\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"koffice\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.2.0\")>0 && revcomp(a:bver, b:\"1.4.1_1,1\")<0) {\n txt += 'Package koffice version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"abiword\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.2.11\")<0) {\n txt += 'Package abiword version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:14", "bulletinFamily": "software", "cvelist": ["CVE-2005-2964"], "description": "===========================================================\r\nUbuntu Security Notice USN-188-1 September 29, 2005\r\nabiword vulnerability\r\nCAN-2005-2964\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 4.10 (Warty Warthog)\r\nUbuntu 5.04 (Hoary Hedgehog)\r\n\r\nThe following packages are affected:\r\n\r\nabiword\r\nabiword-gnome\r\n\r\nThe problem can be corrected by upgrading the affected package to\r\nversion 2.0.7+cvs.2004.05.05-1ubuntu3.2 (for Ubuntu 4.10), or\r\n2.2.2-1ubuntu2.1 (for Ubuntu 5.04). After a standard system upgrade\r\nyou need to restart AbiWord to effect the necessary changes.\r\n\r\nDetails follow:\r\n\r\nChris Evans discovered a buffer overflow in the RTF import module of\r\nAbiWord. By tricking a user into opening an RTF file with specially\r\ncrafted long identifiers, an attacker could exploit this to execute\r\narbitrary code with the privileges of the AbiWord user.\r\n\r\n\r\nUpdated packages for Ubuntu 4.10 (Warty Warthog):\r\n\r\n Source archives:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.diff.gz\r\n Size/MD5: 52528 fd23a2e739ddd87fbd0cad74856796a6\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2.dsc\r\n Size/MD5: 1157 9600f4af290ff4f837e1671dc169eb3f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz\r\n Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb\r\n Size/MD5: 4085590 c78690485027b4ad72b52988ad331b11\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb\r\n Size/MD5: 543094 c6f2dc732a938bfe930ebf307c399f74\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.2_all.deb\r\n Size/MD5: 16538 16813c39182d409faf16f1d3e941ffca\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb\r\n Size/MD5: 1455262 25d1540e08af123ee60d4d2405f1e177\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb\r\n Size/MD5: 1989388 b991bb6c82058ec7f98914d9f1cbca26\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb\r\n Size/MD5: 26744 c90ea36ddced6a8f6f43bb9e384d7836\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb\r\n Size/MD5: 367136 893fb7d77ea37b6eca0109ad204997c8\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_amd64.deb\r\n Size/MD5: 1991294 024875038de1c36ade618a0c99bb1b9a\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb\r\n Size/MD5: 1453084 0eb146832bc1f455f971c897c8867abf\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb\r\n Size/MD5: 1872588 7b08463ad33a654a53620153cad8b58f\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb\r\n Size/MD5: 26410 9728efbb9205dd0be3eb26817aa474fd\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb\r\n Size/MD5: 351020 500842f02161283fbe13627bdaf417ce\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_i386.deb\r\n Size/MD5: 1876228 178a5082d913274c8d2b1f4e87bd57bd\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb\r\n Size/MD5: 1453568 1ce03972f0954d02cfa70f9706e09621\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb\r\n Size/MD5: 1972542 9dd685ca3b0d26f05f1019a2d02bb2d3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb\r\n Size/MD5: 27872 eaae7c69c5a2a93b96e6673a49c28e60\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb\r\n Size/MD5: 405560 2e49cb2b055931a569645ea6aa347400\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.2_powerpc.deb\r\n Size/MD5: 1977676 cc44b172613763e4fc2687d07920b4e7\r\n\r\nUpdated packages for Ubuntu 5.04 (Hoary Hedgehog):\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.diff.gz\r\n Size/MD5: 511885 064b73e18ac36e2af71f1d48cb91f820\r\n http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.1.dsc\r\n Size/MD5: 1133 1c1f333bd4e1f1ce5d7c89b0d54907da\r\n http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz\r\n Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7\r\n\r\n Architecture independent packages:\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.1_all.deb\r\n Size/MD5: 1611690 83fa655dc34d4e23bfca466cc618fa25\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.1_all.deb\r\n Size/MD5: 4093036 4f5260c47d3a32e9418d7a40ea460a57\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.1_all.deb\r\n Size/MD5: 555626 8c733a0d50ac9a2d156bc47b63fa22f3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.1_all.deb\r\n Size/MD5: 20254 3e03c14b1fdfdb7f0c6c2ff8332c0f11\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_amd64.deb\r\n Size/MD5: 2459088 06e2b96e823dd0a58cb8ad2701ee8b9c\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_amd64.deb\r\n Size/MD5: 35246 32b9da828577908938c212cf7f3726bb\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_amd64.deb\r\n Size/MD5: 366346 60b531e6351f4b61bea51276d25148a7\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_amd64.deb\r\n Size/MD5: 2461766 72cff86192b08f1593c26f1dbe021361\r\n\r\n i386 architecture (x86 compatible Intel/AMD)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_i386.deb\r\n Size/MD5: 2305712 aed957cdcfdbef21444a7e73af3d5668\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_i386.deb\r\n Size/MD5: 34448 66b5a2bed84e02c02f73c4900dc3553d\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_i386.deb\r\n Size/MD5: 347740 8b9a61f7f4c8d5e97c4d2593fa46eed3\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_i386.deb\r\n Size/MD5: 2313244 42c0d7c5f8d115e0dcf4bac8d0767622\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5)\r\n\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 2437408 579cf0c0fdd7f84f0ec4e9a7dee28228\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 37716 fa19ad5291832300c61af24471dfe9ed\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 405496 7ed63625f885244e388db8312d5fe1f1\r\n \r\nhttp://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 2446222 f373c21bc7416582daa8b21da4021876", "edition": 1, "modified": "2005-09-29T00:00:00", "published": "2005-09-29T00:00:00", "id": "SECURITYVULNS:DOC:9829", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:9829", "title": "[Full-disclosure] [USN-188-1] AbiWord vulnerability", "type": "securityvulns", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-20T15:25:19", "description": "Chris Evans discovered a buffer overflow in the RTF import module of\nAbiWord. By tricking a user into opening an RTF file with specially\ncrafted long identifiers, an attacker could exploit this to execute\narbitrary code with the privileges of the AbiWord user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : abiword vulnerability (USN-188-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2964"], "modified": "2006-01-15T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:abiword-doc", "p-cpe:/a:canonical:ubuntu_linux:abiword", "p-cpe:/a:canonical:ubuntu_linux:abiword-plugins-gnome", "cpe:/o:canonical:ubuntu_linux:5.04", "p-cpe:/a:canonical:ubuntu_linux:abiword-common", "p-cpe:/a:canonical:ubuntu_linux:abiword-gnome", "p-cpe:/a:canonical:ubuntu_linux:abiword-help", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:abiword-plugins", "p-cpe:/a:canonical:ubuntu_linux:xfonts-abi"], "id": "UBUNTU_USN-188-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20600", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-188-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20600);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-2964\");\n script_xref(name:\"USN\", value:\"188-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : abiword vulnerability (USN-188-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered a buffer overflow in the RTF import module of\nAbiWord. By tricking a user into opening an RTF file with specially\ncrafted long identifiers, an attacker could exploit this to execute\narbitrary code with the privileges of the AbiWord user.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:abiword-plugins-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:xfonts-abi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-common\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-doc\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-gnome\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-help\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-plugins\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"abiword-plugins-gnome\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"xfonts-abi\", pkgver:\"2.0.7+cvs.2004.05.05-1ubuntu3.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-common\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-doc\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-gnome\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-help\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-plugins\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"abiword-plugins-gnome\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"xfonts-abi\", pkgver:\"2.2.2-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"abiword / abiword-common / abiword-doc / abiword-gnome / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-06T10:03:39", "description": "Chris Evans discovered several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening\na specially crafted RTF file could lead to the execution of arbitrary\ncode.", "edition": 25, "published": "2006-10-14T00:00:00", "title": "Debian DSA-894-1 : abiword - buffer overflows", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-2972", "CVE-2005-2964"], "modified": "2006-10-14T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.1", "cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:abiword"], "id": "DEBIAN_DSA-894.NASL", "href": "https://www.tenable.com/plugins/nessus/22760", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-894. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22760);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-2964\", \"CVE-2005-2972\");\n script_xref(name:\"DSA\", value:\"894\");\n\n script_name(english:\"Debian DSA-894-1 : abiword - buffer overflows\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening\na specially crafted RTF file could lead to the execution of arbitrary\ncode.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-894\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the abiword package.\n\nFor the old stable distribution (woody) these problems have been fixed\nin version 1.0.2+cvs.2002.06.05-1woody3.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.2.7-3sarge2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:abiword\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/10/14\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/09/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"abiword\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"abiword-common\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"abiword-doc\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"abiword-gnome\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"abiword-gtk\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"abiword-plugins\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"xfonts-abi\", reference:\"1.0.2+cvs.2002.06.05-1woody3\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-common\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-doc\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-gnome\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-help\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-plugins\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"abiword-plugins-gnome\", reference:\"2.2.7-3sarge2\")) flag++;\nif (deb_check(release:\"3.1\", prefix:\"xfonts-abi\", reference:\"2.2.7-3sarge2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-11-11T13:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2005-2972", "CVE-2005-2964"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 894-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nNovember 14th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : abiword\nVulnerability : buffer overflows\nProblem type : local (remote)\nDebian-specific: no\nCVE ID : CVE-2005-2964 CVE-2005-2972\n\nChris Evans discoverd several buffer overflows in the RTF import\nmechanism of AbiWord, a WYSIWYG word processor based on GTK 2.\nOpening a specially crafted RTF file could lead to the execution of\narbitrary code.\n\nFor the old stable distribution (woody) these problems have been fixed in\nversion 1.0.2+cvs.2002.06.05-1woody3.\n\nFor the stable distribution (sarge) these problems have been fixed in\nversion 2.2.7-3sarge2.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 2.2.10-1.\n\nWe recommend that you upgrade your abiword package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.dsc\n Size/MD5 checksum: 1159 9210aac9957b6cd207775862a1d45f1f\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.diff.gz\n Size/MD5 checksum: 50123 0f3df3436e43ce1d5da4b4c21e221bcf\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz\n Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody3_all.deb\n Size/MD5 checksum: 950320 d222e537587d9f91fd38efc9841a58e6\n http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody3_all.deb\n Size/MD5 checksum: 189488 7ba0f3d31f29c1cebfea82a0d231d8f5\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_alpha.deb\n Size/MD5 checksum: 12432 653ab5c780287dbfaa8bbead1d363660\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_alpha.deb\n Size/MD5 checksum: 538646 bcf2ed542e765437affef0fe8541bc3c\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_alpha.deb\n Size/MD5 checksum: 2069386 e019b8b99668ef96371cabdfcc21ed06\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_alpha.deb\n Size/MD5 checksum: 1873858 a8088abfbde086249c7395d5994a6b83\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_alpha.deb\n Size/MD5 checksum: 228334 c26e4e4f04a78e626ae7be7229c775f1\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_arm.deb\n Size/MD5 checksum: 12434 0ec0f572955999a70ec02f76d1119d9f\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_arm.deb\n Size/MD5 checksum: 536150 ef7a99f7e9f0cef5da0e2125d90eb2f0\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_arm.deb\n Size/MD5 checksum: 1717184 e5db39f5e4b89bb66dad89166c0871c9\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_arm.deb\n Size/MD5 checksum: 1533566 335181116b612f32ff14c6b062920cf3\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_arm.deb\n Size/MD5 checksum: 154850 88e931183c56e22c21d2ed2b6eaf727f\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_i386.deb\n Size/MD5 checksum: 12426 143a7e0e6a86475b0a4faffaa56fe6c6\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_i386.deb\n Size/MD5 checksum: 533942 9f3d73ea537bbc7cc748f4b347011351\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_i386.deb\n Size/MD5 checksum: 1677506 997b0e28a6511258aa7e953189c8916d\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_i386.deb\n Size/MD5 checksum: 1491616 79a369d35495da551010c88fc5d16e53\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_i386.deb\n Size/MD5 checksum: 195028 4417655cdf87e452e533bfceff37035f\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_ia64.deb\n Size/MD5 checksum: 12432 ec6bc2b2b32291a24e96ac37e5bef700\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_ia64.deb\n Size/MD5 checksum: 542580 d5ee8d4850f02c4bd9a5eb148ff50e12\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_ia64.deb\n Size/MD5 checksum: 2122580 6cd0574acb80ae18d3c24fa535edfe64\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_ia64.deb\n Size/MD5 checksum: 1940008 8bd8dae64327570f958940dc2de05152\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_ia64.deb\n Size/MD5 checksum: 311910 ecec1fedcaa4dd55feca35366f598dc4\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_hppa.deb\n Size/MD5 checksum: 12438 03439f730ccf73e2bb456a98bdd2a489\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_hppa.deb\n Size/MD5 checksum: 538040 48c15aee57c59f9ac1d780819dbb7d95\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_hppa.deb\n Size/MD5 checksum: 2040050 f3557b782734406275a9c2d74cbdb83a\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_hppa.deb\n Size/MD5 checksum: 1821554 e6776a2c4b8ddf0a6ab11d3a1756fa2d\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_hppa.deb\n Size/MD5 checksum: 195884 fdd07179430b8b7cf70f1944e1ca8751\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_m68k.deb\n Size/MD5 checksum: 12442 b39cce9869fd5ee33ee412c5671a761f\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_m68k.deb\n Size/MD5 checksum: 533170 1a26ef16fe1e79936b5af73b310b6279\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_m68k.deb\n Size/MD5 checksum: 1602928 ac5e6186a4f31bd97ab9efe5bfa380c6\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_m68k.deb\n Size/MD5 checksum: 1416324 93d883e59e22192a11a350302cf9f431\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_m68k.deb\n Size/MD5 checksum: 199740 b55f497320d2f7802bebccb506f11b46\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mips.deb\n Size/MD5 checksum: 12432 6c7604ed802ecb0e7ddf09ee70697caf\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mips.deb\n Size/MD5 checksum: 536262 036c7fd56f0a8a115241412bb8e528f8\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mips.deb\n Size/MD5 checksum: 1701222 8c810e11612e5db201bf8506244041ce\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mips.deb\n Size/MD5 checksum: 1513780 cd3a8526a63516ca89cae731b0e300ea\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mips.deb\n Size/MD5 checksum: 205144 792becc9b4a78d16f775edf017bd4a67\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb\n Size/MD5 checksum: 12434 7d9931545151f9918f9d0c7c019c58a4\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb\n Size/MD5 checksum: 536510 343c499d62521e49626e99c50735ab96\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb\n Size/MD5 checksum: 1663354 94b4d497ff7ddaa31e30afbe05057504\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb\n Size/MD5 checksum: 1480888 00ebf5378e669c8437b5e385f94c6266\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb\n Size/MD5 checksum: 203030 ad7dee7e51fbf887ac179d483f359cb6\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb\n Size/MD5 checksum: 12438 3ff0d444f6f5df023844d6ca05d91987\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb\n Size/MD5 checksum: 534924 d2bbd28784670dc52bdef79879bde9c1\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb\n Size/MD5 checksum: 1716328 67597faf110332672c4234af61228a34\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb\n Size/MD5 checksum: 1527968 6b3677b16d1493ef075dcf2c565eaa46\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb\n Size/MD5 checksum: 237680 a754e170740217157b2fc6f7960ff0c6\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_s390.deb\n Size/MD5 checksum: 12432 899f2957c202bfd626ce04238ae7c355\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_s390.deb\n Size/MD5 checksum: 535210 6a83523ec1ad7f3789095bce0eec31c2\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_s390.deb\n Size/MD5 checksum: 1603804 f98f8c6be3063c920c174d74a87f51c0\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_s390.deb\n Size/MD5 checksum: 1417916 6dd76f6db3594c69591ef4fec624008e\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_s390.deb\n Size/MD5 checksum: 203268 2a247fc7a1ad5ad69a5550dde7e0e5f0\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_sparc.deb\n Size/MD5 checksum: 12434 cde846b41a0d618d5d854a0f63ab43ab\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_sparc.deb\n Size/MD5 checksum: 537430 cbd8122f90526919114aa2caa26ab098\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_sparc.deb\n Size/MD5 checksum: 1657026 d79737402458bb93fc4cfaa48d8e3b87\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_sparc.deb\n Size/MD5 checksum: 1470474 18458d5e37c1e92df7d41bf67b9a4185\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_sparc.deb\n Size/MD5 checksum: 193376 e49c7a03769332bf71fa4790c45e7261\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.dsc\n Size/MD5 checksum: 1115 c1a5491bde1e7de2ba60ef1ba07b6166\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.diff.gz\n Size/MD5 checksum: 75303 75b31932db227cc609d28d84f8bf4478\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7.orig.tar.gz\n Size/MD5 checksum: 28441035 d07e581539479e615a0af0c0a92da9a3\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword-common_2.2.7-3sarge2_all.deb\n Size/MD5 checksum: 1666180 b68247dabeb710edfa58172f5e40030f\n http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_2.2.7-3sarge2_all.deb\n Size/MD5 checksum: 4085558 67faed1f27bc86f3fa2815d3ae058e17\n http://security.debian.org/pool/updates/main/a/abiword/abiword-help_2.2.7-3sarge2_all.deb\n Size/MD5 checksum: 558460 c3cbd4e961b18476ca7f5e6ddd4e6dba\n http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_2.2.7-3sarge2_all.deb\n Size/MD5 checksum: 20698 05bf556dd85be4428a0911b6c3d87b4b\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_alpha.deb\n Size/MD5 checksum: 2865468 bcb120ac51e1809db9efae4768f66238\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_alpha.deb\n Size/MD5 checksum: 2864100 778e462ca4a0aca78a673adf2d68b5e6\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_alpha.deb\n Size/MD5 checksum: 400976 916e7890de15b4cc814ef837bee6871e\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_alpha.deb\n Size/MD5 checksum: 28442 48350140d2bf3f0921a6259ecf61f5f0\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_amd64.deb\n Size/MD5 checksum: 2491560 6d37138df657bc275460f4931270b825\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_amd64.deb\n Size/MD5 checksum: 2484660 fa827b78a857ab7373cc022bdf01deff\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_amd64.deb\n Size/MD5 checksum: 369462 0e91af63f0fa42f4bc3533517a3d07f8\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_amd64.deb\n Size/MD5 checksum: 27992 5eb8d30bd1f5503ce2523bdd807e9edc\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_arm.deb\n Size/MD5 checksum: 2432880 e4703f6e9beb651dd91439303d1373df\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_arm.deb\n Size/MD5 checksum: 2423262 2637f435c5d0861d0f64d56395768ff3\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_arm.deb\n Size/MD5 checksum: 349248 b385c171802de8078538a8f8b7a63f3d\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_arm.deb\n Size/MD5 checksum: 27510 811da755de8247e13d37e0b1a5882926\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_i386.deb\n Size/MD5 checksum: 2340952 c844959722131837db735280ffe0c192\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_i386.deb\n Size/MD5 checksum: 2330434 911c26e1e23975bc795305e52ad53ce0\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_i386.deb\n Size/MD5 checksum: 358584 ab6ed361e772bf4808dabc56a2880811\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_i386.deb\n Size/MD5 checksum: 27854 12d4eeec28a3a7eff2d4777291c8f192\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_ia64.deb\n Size/MD5 checksum: 3443314 d5cf969d1db44c587f22d3cfe2eaaebf\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_ia64.deb\n Size/MD5 checksum: 3446838 8ed0533abdeebfb82cebe0ac1a8328e7\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_ia64.deb\n Size/MD5 checksum: 450116 78ebf500c547a25485b84aa716eab7e7\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_ia64.deb\n Size/MD5 checksum: 29816 f22cfa0f5096cea6af8afefc245bb031\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_hppa.deb\n Size/MD5 checksum: 2811614 72e51c5d4230663c93b6f3028b420cba\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_hppa.deb\n Size/MD5 checksum: 2803736 9358dfdc81bdbaeaaacb60af8f76ec2a\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_hppa.deb\n Size/MD5 checksum: 436786 92df6cbe164a52330127c5b007f7efaf\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_hppa.deb\n Size/MD5 checksum: 29178 288c641cc68192aa3b87df9fcb41c522\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_m68k.deb\n Size/MD5 checksum: 2358090 2d566ecb5578b409cf5e3507df7bf8c9\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_m68k.deb\n Size/MD5 checksum: 2348080 5e2397fa9869b2fb5590872c95fe22f1\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_m68k.deb\n Size/MD5 checksum: 369286 d1530b8fcfb28dfa8787662d83634dcf\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_m68k.deb\n Size/MD5 checksum: 27716 881587416e5eb97885bf17f72fed15a8\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mips.deb\n Size/MD5 checksum: 2550988 81a84402b7a3066e61274f85afd6077a\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mips.deb\n Size/MD5 checksum: 2543624 9c184c2eacc4a13ba78e1e70ff59fbde\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mips.deb\n Size/MD5 checksum: 358192 1d221249ac1d7f23529dcc502c5320e0\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mips.deb\n Size/MD5 checksum: 28354 0625dceebbb691c3312fb1c14c36c743\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mipsel.deb\n Size/MD5 checksum: 2465622 e4d4d2a6f5994de907960cd14b05c662\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mipsel.deb\n Size/MD5 checksum: 2456260 5798ef734342be359769f84f2011bd1e\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mipsel.deb\n Size/MD5 checksum: 354070 d7cd62c4a5f25c28da61bcfbc9b16ccf\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mipsel.deb\n Size/MD5 checksum: 28300 fe5b25f2b7eed349e2274fa44ead79a2\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_powerpc.deb\n Size/MD5 checksum: 2473300 c6e7d9e9b32177ea2e4e2819b17338cb\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_powerpc.deb\n Size/MD5 checksum: 2464070 df0769e09e53465b03659e958907c058\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_powerpc.deb\n Size/MD5 checksum: 408478 13d12015c9dd09d94aef49b48a2a45c5\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_powerpc.deb\n Size/MD5 checksum: 29892 a6f075e74ea0dee760efb42fa4244499\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_s390.deb\n Size/MD5 checksum: 2457050 65b8553d57b870b90ee4612391bbc63f\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_s390.deb\n Size/MD5 checksum: 2451094 331bd8ec99321393a69276a087732767\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_s390.deb\n Size/MD5 checksum: 364848 50217fdf5e9bceb77fb34ff455d8ab83\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_s390.deb\n Size/MD5 checksum: 28282 3bca542474684673e0367596524b9132\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_sparc.deb\n Size/MD5 checksum: 2462406 571fcd01d80476714a8ddd87ce34ff17\n http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_sparc.deb\n Size/MD5 checksum: 2453454 e72adac4cc33128729763bdf3e64177e\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_sparc.deb\n Size/MD5 checksum: 343132 e9fa92049ac7b5b2d76ed58d9cb19273\n http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_sparc.deb\n Size/MD5 checksum: 27502 8cc7425570da58d6e7adde0a5474f68b\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n\n", "edition": 3, "modified": "2005-11-14T00:00:00", "published": "2005-11-14T00:00:00", "id": "DEBIAN:DSA-894-1:35D0B", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00292.html", "title": "[SECURITY] [DSA 894-1] New AbiWord packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}