Lucene search
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2007-0001.NASLHistoryJul 12, 2013 - 12:00 a.m.
Oracle Linux 4 : openoffice.org (ELSA-2007-0001)
2013-07-1200:00:00
This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
From Red Hat Security Advisory 2007:0001 :
Updated openoffice.org packages are now available.
This update has been rated as having important security impact by the Red Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.
Several integer overflow bugs were found in the OpenOffice.org WMF file processor. An attacker could create a carefully crafted WMF file that could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. (CVE-2006-5870)
All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported fix for this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2007:0001 and
# Oracle Linux Security Advisory ELSA-2007-0001 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(67433);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2006-5870");
script_bugtraq_id(21861);
script_xref(name:"RHSA", value:"2007:0001");
script_name(english:"Oracle Linux 4 : openoffice.org (ELSA-2007-0001)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote Oracle Linux host is missing one or more security updates."
);
script_set_attribute(
attribute:"description",
value:
"From Red Hat Security Advisory 2007:0001 :
Updated openoffice.org packages are now available.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
OpenOffice.org is an office productivity suite that includes desktop
applications such as a word processor, spreadsheet, presentation
manager, formula editor, and drawing program.
Several integer overflow bugs were found in the OpenOffice.org WMF
file processor. An attacker could create a carefully crafted WMF file
that could cause OpenOffice.org to execute arbitrary code when the
file was opened by a victim. (CVE-2006-5870)
All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain a backported fix for this issue."
);
script_set_attribute(
attribute:"see_also",
value:"https://oss.oracle.com/pipermail/el-errata/2007-January/000038.html"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected openoffice.org packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openoffice.org");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openoffice.org-i18n");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openoffice.org-kde");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openoffice.org-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4");
script_set_attribute(attribute:"vuln_publication_date", value:"2006/12/31");
script_set_attribute(attribute:"patch_publication_date", value:"2007/01/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Oracle Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 4", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
flag = 0;
if (rpm_check(release:"EL4", cpu:"i386", reference:"openoffice.org-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openoffice.org-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"openoffice.org-i18n-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openoffice.org-i18n-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"openoffice.org-kde-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"i386", reference:"openoffice.org-libs-1.1.5-6.6.0.EL4")) flag++;
if (rpm_check(release:"EL4", cpu:"x86_64", reference:"openoffice.org-libs-1.1.5-6.6.0.EL4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org / openoffice.org-i18n / openoffice.org-kde / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 4 | cpe:/o:oracle:linux:4 |
| oracle | linux | openoffice.org | p-cpe:/a:oracle:linux:openoffice.org |
| oracle | linux | openoffice.org-i18n | p-cpe:/a:oracle:linux:openoffice.org-i18n |
| oracle | linux | openoffice.org-kde | p-cpe:/a:oracle:linux:openoffice.org-kde |
| oracle | linux | openoffice.org-libs | p-cpe:/a:oracle:linux:openoffice.org-libs |
Related
openvas
openvas
SuSE Update for OpenOffice_org SUSE-SA:2007:001
2009-01-28 00:00:00
Ubuntu: Security Advisory (USN-406-1)
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200701-07 (openoffice)
2008-09-24 00:00:00
nessus
nessus
RHEL 3 / 4 : openoffice.org (RHSA-2007:0001)
2007-01-08 00:00:00
Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:006)
2007-02-18 00:00:00
osv
osv
openoffice.org
2007-01-08 00:00:00
redhat
redhat
(RHSA-2007:0001) Important: openoffice.org security update
2007-01-03 00:00:00
suse
suse
code execution in OpenOffice_org
2007-01-04 17:19:07
securityvulns
securityvulns
openoffice.org security update
2007-01-04 00:00:00
gentoo
gentoo
OpenOffice.org: EMF/WMF file handling vulnerabilities
2007-01-12 00:00:00
cve
cve
CVE-2006-5870
2006-12-31 05:00:00
debian
debian
centos
centos
openoffice.org security update
2007-01-04 14:55:30
ubuntu
ubuntu
OpenOffice.org vulnerability
2007-01-12 00:00:00
cert
cert
OpenOffice fails to properly process WMF and EMF files
2007-01-05 00:00:00
ubuntucve
ubuntucve
CVE-2006-5870
2006-12-31 00:00:00
oraclelinux
oraclelinux
Important openoffice.org security update
2007-01-05 00:00:00
Related for ORACLELINUX_ELSA-2007-0001.NASL