Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_11_3_OPENOFFICE_ORG-DRAW-100906.NASL
HistoryJun 13, 2014 - 12:00 a.m.

openSUSE Security Update : OpenOffice_org-draw (openSUSE-SU-2010:0732-1)

2014-06-1300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.149 Low

EPSS

Percentile

95.9%

JSON

Specially crafted ppt files could cause a heap based buffer overflow in OpenOffice_org Impress. Attackers could exploit that to crash OpenOffice_org or potentially even execute arbitrary code (CVE-2010-2935, CVE-2010-2936).

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update OpenOffice_org-draw-3081.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75688);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-2935", "CVE-2010-2936");

  script_name(english:"openSUSE Security Update : OpenOffice_org-draw (openSUSE-SU-2010:0732-1)");
  script_summary(english:"Check for the OpenOffice_org-draw-3081 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Specially crafted ppt files could cause a heap based buffer overflow
in OpenOffice_org Impress. Attackers could exploit that to crash
OpenOffice_org or potentially even execute arbitrary code
(CVE-2010-2935, CVE-2010-2936)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=629085"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2010-10/msg00020.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected OpenOffice_org-draw packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-draw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-impress");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-impress-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-impress-l10n-prebuilt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-gui-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:OpenOffice_org-libs-gui-l10n-prebuilt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/09/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-draw-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-impress-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-impress-devel-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-impress-l10n-prebuilt-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-libs-gui-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-libs-gui-devel-3.2.1.4-2.1.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"OpenOffice_org-libs-gui-l10n-prebuilt-3.2.1.4-2.1.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice_org-draw / OpenOffice_org-impress / etc");
}
VendorProductVersionCPE
novellopensuseopenoffice_org-drawp-cpe:/a:novell:opensuse:openoffice_org-draw
novellopensuseopenoffice_org-impressp-cpe:/a:novell:opensuse:openoffice_org-impress
novellopensuseopenoffice_org-impress-develp-cpe:/a:novell:opensuse:openoffice_org-impress-devel
novellopensuseopenoffice_org-impress-l10n-prebuiltp-cpe:/a:novell:opensuse:openoffice_org-impress-l10n-prebuilt
novellopensuseopenoffice_org-libs-guip-cpe:/a:novell:opensuse:openoffice_org-libs-gui
novellopensuseopenoffice_org-libs-gui-develp-cpe:/a:novell:opensuse:openoffice_org-libs-gui-devel
novellopensuseopenoffice_org-libs-gui-l10n-prebuiltp-cpe:/a:novell:opensuse:openoffice_org-libs-gui-l10n-prebuilt
novellopensuse11.3cpe:/o:novell:opensuse:11.3

Related

oraclelinux 1
nessus 22
openvas 17
securityvulns 3
debian 4
kaspersky 1
redhat 1
centos 1
cve 2
nvd 2
cvelist 2
ubuntucve 2
prion 2
ubuntu 1
fedora 1
freebsd 1
gentoo 1
oracle 1
oraclelinux
oraclelinux
openoffice.org security update
2010-08-23 00:00:00
nessus
nessus
Scientific Linux Security Update : openoffice.org on SL3.x i386/x86_64
2012-08-01 00:00:00
Scientific Linux Security Update : openoffice.org on SL4.x i386/x86_64
2012-08-01 00:00:00
SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 7148)
2011-01-27 00:00:00
openvas
openvas
RedHat Update for openoffice.org RHSA-2010:0643-01
2010-08-30 00:00:00
CentOS Update for openoffice.org CESA-2010:0643 centos3 i386
2010-08-30 00:00:00
Debian Security Advisory DSA 2099-1 (openoffice.org)
2010-10-10 00:00:00
securityvulns
securityvulns
OpenOffice integer overflows
2010-08-31 00:00:00
[SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution
2010-08-31 00:00:00
Oracle / Sun / Peoplesoft / Open Office applications multiple security vulnerabilities
2011-02-26 00:00:00
debian
debian
[SECURITY] [DSA 2099-1] New OpenOffice.org packages fix arbitrary code execution
2010-08-30 09:25:00
Security update for openoffice.org
2010-09-07 16:34:51
Security update for openoffice.org
2010-09-07 16:34:51
kaspersky
kaspersky
KLA10280 DoS vulnerability in OpenOffice.org
2010-08-25 00:00:00
redhat
redhat
(RHSA-2010:0643) Important: openoffice.org security update
2010-08-23 00:00:00
centos
centos
openoffice.org, openoffice.org2 security update
2010-08-25 13:52:49
cve
cve
CVE-2010-2935
2010-08-25 20:00:17
CVE-2010-2936
2010-08-25 20:00:17
nvd
nvd
CVE-2010-2936
2010-08-25 20:00:17
CVE-2010-2935
2010-08-25 20:00:17
cvelist
cvelist
CVE-2010-2935
2010-08-25 19:00:00
CVE-2010-2936
2010-08-25 19:00:00
ubuntucve
ubuntucve
CVE-2010-2936
2010-08-25 00:00:00
CVE-2010-2935
2010-08-25 00:00:00
prion
prion
Integer overflow
2010-08-25 20:00:00
Heap overflow
2010-08-25 20:00:00
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2011-02-02 00:00:00
fedora
fedora
[SECURITY] Fedora 13 Update: openoffice.org-3.2.0-12.35.fc13
2011-02-17 00:50:23
freebsd
freebsd
openoffice.org -- Multiple vulnerabilities
2010-08-04 00:00:00
gentoo
gentoo
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
oracle
oracle
Oracle Critical Patch Update - January 2011
2011-01-18 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.149 Low

EPSS

Percentile

95.9%

JSON
Related for SUSE_11_3_OPENOFFICE_ORG-DRAW-100906.NASL
oraclelinux1nessus22openvas17securityvulns3debian4kaspersky1redhat1centos1cve2nvd2cvelist2ubuntucve2prion2ubuntu1fedora1freebsd1gentoo1oracle1