Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20070613_OPENOFFICE_ORG_ON_SL4_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : openoffice.org on SL4.x, i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.666 Medium
EPSS
Percentile
97.9%
A heap overflow flaw was found in the RTF import filer. An attacker could create a carefully crafted RTF file that could cause OpenOffice.org to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0245)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60206);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2007-0245");
script_name(english:"Scientific Linux Security Update : openoffice.org on SL4.x, i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"A heap overflow flaw was found in the RTF import filer. An attacker
could create a carefully crafted RTF file that could cause
OpenOffice.org to crash or possibly execute arbitrary code if the file
was opened by a victim. (CVE-2007-0245)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0706&L=scientific-linux-errata&T=0&P=3312
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e9ebb28f"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cwe_id(119);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2007/06/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL4", reference:"openoffice.org-1.1.5-10.6.0.1.EL4")) flag++;
if (rpm_check(release:"SL4", reference:"openoffice.org-i18n-1.1.5-10.6.0.1.EL4")) flag++;
if (rpm_check(release:"SL4", reference:"openoffice.org-kde-1.1.5-10.6.0.1.EL4")) flag++;
if (rpm_check(release:"SL4", reference:"openoffice.org-libs-1.1.5-10.6.0.1.EL4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |
Related
fedora
fedora
[SECURITY] Fedora Core 6 Update: openoffice.org-2.0.4-5.5.23
2007-06-12 21:24:19
[SECURITY] Fedora 7 Update: openoffice.org-2.2.0-14.11
2007-06-13 21:10:05
[SECURITY] Fedora 7 Update: openoffice.org-2.2.1-18.2.fc7
2007-10-04 18:47:11
nessus
nessus
Ubuntu 6.06 LTS / 6.10 / 7.04 : openoffice.org(2)/-amd64 vulnerability (USN-482-1)
2007-11-10 00:00:00
Sun OpenOffice.org RTF Parser prtdata Tag Buffer Overflow
2007-06-20 00:00:00
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 3761)
2007-12-13 00:00:00
ubuntu
ubuntu
OpenOffice.org vulnerability
2007-07-11 00:00:00
openvas
openvas
Fedora Update for openoffice.org FEDORA-2007-572
2009-02-27 00:00:00
Ubuntu Update for openoffice.org(2)/-amd64 vulnerability USN-482-1
2009-03-23 00:00:00
Mandriva Update for openoffice.org MDKSA-2007:144 (openoffice.org)
2009-04-09 00:00:00
checkpoint_advisories
checkpoint_advisories
prion
prion
Heap overflow
2007-06-12 21:30:00
debian
debian
oraclelinux
oraclelinux
Important: openoffice.org security update
2007-06-13 00:00:00
centos
centos
openoffice.org, openoffice.org2 security update
2007-06-13 22:55:37
redhat
redhat
(RHSA-2007:0406) Important: openoffice.org security update
2007-06-13 00:00:00
nvd
nvd
CVE-2007-0245
2007-06-12 21:30:00
cvelist
cvelist
CVE-2007-0245
2007-06-12 21:00:00
osv
osv
openoffice.org - heap overflow
2007-06-12 00:00:00
cve
cve
CVE-2007-0245
2007-06-12 21:30:00
ubuntucve
ubuntucve
CVE-2007-0245
2007-06-12 00:00:00
suse
suse
remote code execution in OpenOffice_org
2007-06-28 16:37:56
gentoo
gentoo
OpenOffice.org: Two buffer overflows
2007-07-02 00:00:00
securityvulns
securityvulns
OpenOffice buffer overflow
2007-06-14 00:00:00
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.666 Medium
EPSS
Percentile
97.9%
Related for SL_20070613_OPENOFFICE_ORG_ON_SL4_X.NASL