Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.UBUNTU_USN-1496-1.NASL
HistoryJul 03, 2012 - 12:00 a.m.

Ubuntu 10.04 LTS : openoffice.org vulnerabilities (USN-1496-1)

2012-07-0300:00:00
Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
JSON

A stack-based buffer overflow was discovered in the Lotus Word Pro import filter in OpenOffice.org. The default compiler options for affected releases should reduce the vulnerability to a denial of service. (CVE-2011-2685)

Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to crash if it opened a specially crafted Word document. (CVE-2011-2713)

Integer overflows were discovered in the graphics loading code of several different image types. If a user were tricked into opening a specially crafted file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-1149)

Sven Jacobi discovered an integer overflow when processing Escher graphics records. If a user were tricked into opening a specially crafted PowerPoint file, an attacker could cause OpenOffice.org to crash or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2012-2334).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-1496-1. The text 
# itself is copyright (C) Canonical, Inc. See 
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(59833);
  script_version("1.8");
  script_cvs_date("Date: 2019/09/19 12:54:28");

  script_cve_id("CVE-2011-2685", "CVE-2011-2713", "CVE-2012-1149", "CVE-2012-2334");
  script_bugtraq_id(49969, 53570);
  script_xref(name:"USN", value:"1496-1");

  script_name(english:"Ubuntu 10.04 LTS : openoffice.org vulnerabilities (USN-1496-1)");
  script_summary(english:"Checks dpkg output for updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Ubuntu host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A stack-based buffer overflow was discovered in the Lotus Word Pro
import filter in OpenOffice.org. The default compiler options for
affected releases should reduce the vulnerability to a denial of
service. (CVE-2011-2685)

Huzaifa Sidhpurwala discovered that OpenOffice.org could be made to
crash if it opened a specially crafted Word document. (CVE-2011-2713)

Integer overflows were discovered in the graphics loading code of
several different image types. If a user were tricked into opening a
specially crafted file, an attacker could cause OpenOffice.org to
crash or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2012-1149)

Sven Jacobi discovered an integer overflow when processing Escher
graphics records. If a user were tricked into opening a specially
crafted PowerPoint file, an attacker could cause OpenOffice.org to
crash or possibly execute arbitrary code with the privileges of the
user invoking the program. (CVE-2012-2334).

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/1496-1/"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected openoffice.org-core package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:openoffice.org-core");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/07/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2012/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/07/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! preg(pattern:"^(10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"10.04", pkgname:"openoffice.org-core", pkgver:"1:3.2.0-7ubuntu4.3")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org-core");
}
VendorProductVersionCPE
canonicalubuntu_linuxopenoffice.org-corep-cpe:/a:canonical:ubuntu_linux:openoffice.org-core
canonicalubuntu_linux10.04cpe:/o:canonical:ubuntu_linux:10.04:-:lts

Related

ubuntu 2
openvas 46
fedora 5
nessus 27
oraclelinux 1
centos 1
osv 2
debian 9
redhat 1
securityvulns 5
gentoo 2
debiancve 4
cert 1
prion 4
seebug 2
cve 4
ubuntucve 4
ubuntu
ubuntu
OpenOffice.org vulnerabilities
2012-07-02 00:00:00
LibreOffice vulnerabilities
2012-07-02 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-1496-1)
2012-07-03 00:00:00
Ubuntu Update for openoffice.org USN-1496-1
2012-07-03 00:00:00
Fedora Update for libreoffice FEDORA-2012-8114
2012-06-15 00:00:00
fedora
fedora
[SECURITY] Fedora 15 Update: libreoffice-3.3.4.1-5.fc15
2012-06-13 21:28:52
[SECURITY] Fedora 16 Update: libreoffice-3.4.5.2-18.fc16
2012-08-10 22:37:08
[SECURITY] Fedora 14 Update: openoffice.org-3.3.0-20.8.fc14
2011-10-18 22:13:46
nessus
nessus
SuSE 11.1 Security Update : LibreOffice (SAT Patch Number 5271)
2011-12-13 00:00:00
openSUSE Security Update : libreoffice-34 (openSUSE-SU-2011:1143-2)
2014-06-13 00:00:00
openSUSE Security Update : libreoffice-34 (openSUSE-SU-2011:1143-1)
2014-06-13 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2012-06-05 00:00:00
centos
centos
autocorr, broffice.org, openoffice.org security update
2012-06-05 10:03:16
osv
osv
openoffice.org - buffer overflow
2012-06-07 00:00:00
openoffice.org - multiple vulnerabilities
2011-10-05 00:00:00
debian
debian
[SECURITY] [DSA 2487-1] openoffice.org security update
2012-06-07 19:53:54
[BSA-053] Security update for libreoffice
2011-10-08 20:36:56
[BSA-053] Security update for libreoffice
2011-10-08 20:36:56
redhat
redhat
(RHSA-2012:0705) Important: openoffice.org security update
2012-06-04 00:00:00
securityvulns
securityvulns
OpenOffice multiple security vulnerabilities
2012-05-21 00:00:00
CVE-2012-2334 Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0
2012-05-21 00:00:00
OpenOffice multiple security vulnerabilities
2011-10-10 00:00:00
gentoo
gentoo
LibreOffice: Multiple vulnerabilities
2012-09-24 00:00:00
OpenOffice, LibreOffice: Multiple vulnerabilities
2014-08-31 00:00:00
debiancve
debiancve
CVE-2011-2685
2011-07-21 23:55:00
CVE-2012-2334
2012-06-19 20:55:00
CVE-2011-2713
2011-10-21 18:55:00
cert
cert
LibreOffice 3.3 'Lotus Word Pro' document import filter contains multiple vulnerabilities
2011-06-22 00:00:00
prion
prion
Integer overflow
2012-06-19 20:55:00
Stack overflow
2011-07-21 23:55:00
Out-of-bounds
2011-10-21 18:55:00
seebug
seebug
OpenOffice 3.4ไน‹ๅ‰็‰ˆๆœฌ filter/source/msfilter msdffimp.cxxๆ‹’็ปๆœๅŠกๆผๆดž
2012-05-19 00:00:00
OpenOffice Microsoft Wordๆ–‡ไปถๆ ผๅผ่พ“ๅ…ฅ็จ‹ๅบๅคšไธชๅฎ‰ๅ…จๆผๆดž
2011-10-21 00:00:00
cve
cve
CVE-2011-2713
2011-10-21 18:55:00
CVE-2011-2685
2011-07-21 23:55:00
CVE-2012-2334
2012-06-19 20:55:00
ubuntucve
ubuntucve
CVE-2011-2713
2011-10-21 00:00:00
CVE-2011-2685
2011-07-21 00:00:00
CVE-2012-2334
2012-06-19 00:00:00
JSON
Related for UBUNTU_USN-1496-1.NASL
ubuntu2openvas46fedora5nessus27oraclelinux1centos1osv2debian9redhat1securityvulns5gentoo2debiancve4cert1prion4seebug2cve4ubuntucve4