ID OPENVAS:1361412562310841049 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
Ubuntu Update for Linux kernel vulnerabilities USN-1480-1
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_1480_1.nasl 14132 2019-03-13 09:25:59Z cfischer $
#
# Ubuntu Update for raptor USN-1480-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-1480-1/");
script_oid("1.3.6.1.4.1.25623.1.0.841049");
script_version("$Revision: 14132 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)");
script_cve_id("CVE-2012-0037");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_xref(name:"USN", value:"1480-1");
script_name("Ubuntu Update for raptor USN-1480-1");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04 LTS|12\.04 LTS|11\.10|11\.04)");
script_tag(name:"summary", value:"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1");
script_tag(name:"affected", value:"raptor on Ubuntu 12.04 LTS,
Ubuntu 11.10,
Ubuntu 11.04,
Ubuntu 10.04 LTS");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"insight", value:"Timothy D. Morgan discovered that Raptor would unconditionally load XML
external entities. If a user were tricked into opening a specially crafted
document in an application linked against Raptor, an attacker could
possibly obtain access to arbitrary files on the user's system or
potentially execute arbitrary code with the privileges of the user invoking
the program.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-1ubuntu1.1", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-7ubuntu0.1", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.10")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-5ubuntu0.1", rls:"UBUNTU11.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU11.04")
{
if ((res = isdpkgvuln(pkg:"libraptor1", ver:"1.4.21-2ubuntu0.1", rls:"UBUNTU11.04")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310841049", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for raptor USN-1480-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1480-1", "published": "2012-06-19T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841049", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["1480-1", "http://www.ubuntu.com/usn/usn-1480-1/"], "cvelist": ["CVE-2012-0037"], "lastseen": "2019-05-29T18:38:31", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-0037"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27835", "SECURITYVULNS:DOC:27872", "SECURITYVULNS:VULN:12287"]}, {"type": "redhat", "idList": ["RHSA-2012:0410", "RHSA-2012:0411"]}, {"type": "ubuntu", "idList": ["USN-1901-1", "USN-1480-1"]}, {"type": "centos", "idList": ["CESA-2012:0411", "CESA-2012:0410"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2438-1:5F194"]}, {"type": "seebug", "idList": ["SSV:30216"]}, {"type": "oraclelinux", "idList": ["ELSA-2012-0410"]}, {"type": "nessus", "idList": ["ORACLELINUX_ELSA-2012-0410.NASL", "LIBREOFFICE_351.NASL", "UBUNTU_USN-1901-1.NASL", "FEDORA_2012-4629.NASL", "SL_20120322_RAPTOR_ON_SL6_X.NASL", "DEBIAN_DSA-2438.NASL", "UBUNTU_USN-1480-1.NASL", "MANDRIVA_MDVSA-2012-063.NASL", "CENTOS_RHSA-2012-0410.NASL", "MACOSX_LIBREOFFICE_351.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:864584", "OPENVAS:1361412562310870721", "OPENVAS:1361412562310831599", "OPENVAS:136141256231071289", "OPENVAS:1361412562310864584", "OPENVAS:1361412562310864393", "OPENVAS:71242", "OPENVAS:1361412562310831642", "OPENVAS:831642", "OPENVAS:841501"]}, {"type": "fedora", "idList": ["FEDORA:CBEC623342", "FEDORA:CA7D12107E", "FEDORA:9E984222C3", "FEDORA:6407120E2F"]}, {"type": "freebsd", "idList": ["60F81AF3-7690-11E1-9423-00235A5F2C9A"]}, {"type": "gentoo", "idList": ["GLSA-201209-05", "GLSA-201408-19"]}], "modified": "2019-05-29T18:38:31", "rev": 2}, "score": {"value": 6.7, "vector": "NONE", "modified": "2019-05-29T18:38:31", "rev": 2}, "vulnersScore": 6.7}, "pluginID": "1361412562310841049", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1480_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for raptor USN-1480-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1480-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.841049\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-19 09:42:22 +0530 (Tue, 19 Jun 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"USN\", value:\"1480-1\");\n script_name(\"Ubuntu Update for raptor USN-1480-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(10\\.04 LTS|12\\.04 LTS|11\\.10|11\\.04)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1480-1\");\n script_tag(name:\"affected\", value:\"raptor on Ubuntu 12.04 LTS,\n Ubuntu 11.10,\n Ubuntu 11.04,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-1ubuntu1.1\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-7ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-5ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2ubuntu0.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:47:15", "description": "Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.", "edition": 6, "cvss3": {}, "published": "2012-06-17T03:41:00", "title": "CVE-2012-0037", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-0037"], "modified": "2017-08-29T01:30:00", "cpe": ["cpe:/a:libreoffice:libreoffice:3.4.0", "cpe:/a:libreoffice:libreoffice:3.3.4", "cpe:/a:libreoffice:libreoffice:3.3.3", "cpe:/a:apache:openoffice.org:3.4", "cpe:/a:libreoffice:libreoffice:3.3.1", "cpe:/a:libreoffice:libreoffice:3.5", "cpe:/a:libreoffice:libreoffice:3.3.2", "cpe:/a:apache:openoffice.org:3.3", "cpe:/a:libreoffice:libreoffice:3.4.2", "cpe:/a:libreoffice:libreoffice:3.3.0", "cpe:/a:redland:libraptor:2.0.6", "cpe:/a:libreoffice:libreoffice:3.4.1", "cpe:/a:libreoffice:libreoffice:3.4.5"], "id": "CVE-2012-0037", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0037", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:redland:libraptor:2.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:libreoffice:libreoffice:3.4.2:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0037"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\n VSR Security Advisory\r\n http://www.vsecurity.com/\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nAdvisory Name: libraptor - XXE in RDF/XML File Interpretation\r\n Release Date: 2012-03-24\r\n Applications: libraptor / librdf (versions 1.x and 2.x)\r\nAlso Affected: OpenOffice 3.x, LibreOffice 3.x, AbiWord, KOffice\r\n Author: tmorgan {a} vsecurity * com\r\nVendor Status: Patches available; major downstream vendors\r\n and operating system distributions notified\r\nCVE Candidate: CVE-2012-0037\r\n Reference: http://www.vsecurity.com/resources/advisory/20120324-1/\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\n\r\nProduct Description\r\n~-----------------~\r\n"Raptor is a free software / Open Source C library that provides a set of\r\n parsers and serializers that generate Resource Description Framework (RDF)\r\n triples by parsing syntaxes or serialize the triples into a syntax. The\r\n supported parsing syntaxes are RDF/XML, N-Quads, N-Triples, TRiG, Turtle, RSS\r\n tag soup including all versions of RSS, Atom 1.0 and 0.3, GRDDL and\r\n microformats for HTML, XHTML and XML and RDFa. The serializing syntaxes are\r\n RDF/XML (regular, and abbreviated), Atom 1.0, GraphViz, JSON, N-Quads,\r\n N-Triples, RSS 1.0 and XMP." -- libraptor web site [1]\r\n\r\nlibraptor is a component of librdf[2] which is used by a variety of open source\r\nsoftware to interpret Resource Description Framework (RDF) [3] formats.\r\n\r\n\r\nVulnerability Overview\r\n~--------------------~\r\nIn December 2011, VSR identified a vulnerability in multiple open source office\r\nproducts (including OpenOffice, LibreOffice, KOffice, and AbiWord) due to unsafe\r\ninterpretation of XML files with custom entity declarations. Deeper analysis\r\nrevealed that the vulnerability was caused by acceptance of external entities by\r\nthe libraptor library, which is used by librdf and is in turn used by these\r\noffice products.\r\n\r\nIn the context of office applications, these vulnerabilities could allow for XML\r\nExternal Entity (XXE) attacks resulting in file theft and a loss of user privacy\r\nwhen opening potentially malicious ODF documents. For other applications which\r\ndepend on librdf or libraptor, potentially serious consequences could result\r\nfrom accepting RDF/XML content from untrusted sources, though the impact may\r\nvary widely depending on the context.\r\n\r\n\r\nVulnerability Details\r\n~-------------------~\r\nOpen Document Format (ODF) files consist of a collection of several different\r\nfiles stored in a ZIP archive. Included in this set is a "manifest.rdf" file\r\nwhich is formatted according to the RDF/XML representation. The RDF format is\r\nintended to be used for storing metadata associated with specific document\r\nelements. The manifest.rdf file can reference secondary RDF files within the\r\nODF file as well as external document schemas.\r\n\r\nThe RDF file parser (librdf) used by the affected office products allows DTD\r\nspecifications within the RDF files themselves. In addition, the parser\r\ninterprets external entities which may reference arbitrary external files, HTTP\r\nand FTP resources.\r\n\r\nFor instance, the following "evil.rdf" file was created within a valid ODF text\r\narchive (.odt file) which was referenced by the internal manifest.rdf file:\r\n\r\n\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<!DOCTYPE rdf [\r\n <!ENTITY file SYSTEM "file:///c:/windows/win.ini">\r\n]>\r\n<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\r\n <rdf:Description rdf:about="content.xml#id1265690860">\r\n <ns0:comment\r\nxmlns:ns0="http://www.w3.org/2000/01/rdf-schema#">&file;</ns0:comment>\r\n </rdf:Description>\r\n</rdf:RDF>\r\n\r\n\r\n\r\nUpon opening the malicious .odt file in OpenOffice for Windows, the\r\nc:\windows\win.ini file was read and included in the document metadata. Upon\r\nsaving the document, this metadata was included literally in the resulting\r\nevil.rdf file (within the .odt):\r\n\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">\r\n <rdf:Description rdf:about="content.xml#id1265690860">\r\n <ns1:comment xmlns:ns1="http://www.w3.org/2000/01/rdf-schema#">; for\r\n16-bit app support\r\n[fonts]\r\n[extensions]\r\n[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\nCMCDLLNAME32=mapi32.dll\r\nCMC=1\r\nMAPIX=1\r\nMAPIXVER=1.0.0.1\r\nOLEMessaging=1\r\n</ns1:comment>\r\n </rdf:Description>\r\n</rdf:RDF>\r\n\r\n\r\nThe malicious XML entities could also include URLs to attacker-controlled\r\nHTTP or FTP resources. This would allow an attacker to determine when a\r\ndocument was opened, potentially resulting in reduced privacy. However, based\r\non current analysis of the affected office applications, the most serious attack\r\nscenario is likely to be:\r\n\r\n1. Attacker posts a malicious file on a web site or sends file to victim. The\r\nfile contains a form for the victim to fill out and return to the attacker.\r\n\r\n2. Victim fills out the form, saves it, sends it back to the attacker.\r\n\r\n3. Attacker is able to read the contents of any stolen files as embedded\r\nmetadata, simply by unzipping the returned file and reading the malicious RDF\r\ncomponent.\r\n\r\n\r\nThis attack clearly requires some significant user interaction. However, other\r\napplications which rely on librdf/libraptor have not been analyzed. It is\r\nplausible that the context of the external entity interpretation in other\r\nsoftware could allow for more serious automated file retrieval attacks.\r\n\r\n\r\nVersions Affected\r\n~---------------~\r\nThe 1.x and 2.x major versions of librdf are affected.\r\n\r\nThus far, all recent versions of open source office products appear to be\r\naffected, since these products rely on librdf/raptor for the interpretation of\r\nRDF files. This, in turn relies on libxml2 which supports external entity\r\ninterpretation by default. OpenOffice and LibreOffice include a modified copy of\r\nlibrdf 1.x which was vulnerable at the time of testing. It is likely that all\r\npreviously release 3.x versions of OpenOffice and LibreOffice are vulnerable.\r\nAbiWord and KOffice rely on a copy of librdf which is installed by the\r\nunderlying operating system.\r\n\r\nNumerous other open source software packages depend on librdf or libraptor\r\n(including ardour, libslv2, lv2file, morla, soprano, and numerous\r\nlanguage-specific wrappers), but it is not known if these are exploitable in any\r\nrealistic scenario.\r\n\r\n\r\nVendor Response\r\n~-------------~\r\nThe following timeline provides an overview of communication with the primary\r\naffected vendors:\r\n\r\n2012-01-09 OpenOffice, LibreOffice, AbiWord, KOffice, and libraptor\r\n maintainers were provided a draft advisory and test sample.\r\n The OpenWall "distros" mailing list was also notified.\r\n Apache OpenOffice Security team acknowledged notification.\r\n libraptor developer confirmed flaw.\r\n\r\n2012-01-10 CVE-2012-0037 assigned by Apache.\r\n\r\n2012-02-02 Notified OpenWall "distros" mailing list again, due to previous\r\n technical problems.\r\n\r\n2012-02-04 libraptor developer provided patches to all notified parties.\r\n\r\n2012-02-22 Extensive arguing between vendors about embargo/release date.\r\n\r\n2012-03-06 More arguing about release date.\r\n\r\n2012-03-14 Agreed upon release date established.\r\n\r\n2012-03-22 Security updates and vendor advisories released.\r\n\r\n2012-03-24 VSR advisory released.\r\n\r\n\r\nRecommendation\r\n~------------~\r\nUsers of most open source operating system distributions should update to the\r\nlatest librdf package as soon as possible, once a patched version is available\r\nfor their distribution. OpenOffice and LibreOffice packages should also be\r\nupgraded, since these include a custom copy of the library.\r\n\r\nUsers of other operating systems who use LibreOffice or OpenOffice should\r\nupgrade these packages to the latest release versions as soon as possible \r\n\r\nDevelopers of software which rely on librdf or libraptor should assess the risk\r\nof XXE attacks on interpreted XML files and take appropriate actions to notify\r\ntheir users based on how their software operates. VSR would be happy to assist\r\ndevelopers in these efforts on a case-by-case basis.\r\n\r\n\r\nCommon Vulnerabilities and Exposures (CVE) Information\r\n~----------------------------------------------------~\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nthe number CVE-2012-0037 to this issue. This is a candidate for\r\ninclusion in the CVE list (http://cve.mitre.org), which standardizes\r\nnames for security problems.\r\n\r\n\r\nAcknowledgements\r\n~--------------~\r\nThanks to Leper for help in preliminary testing.\r\n\r\nThanks to Jan iankko Lieskovsky, Daniel Veillard, Caolan McNamara, and Michael\r\nStahl for performing deeper analysis on the interaction between libraptor and\r\nlibxml2.\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nReferences:\r\n\r\n1. http://librdf.org/raptor/\r\n\r\n2. http://librdf.org/\r\n\r\n3. http://www.w3.org/RDF/\r\n\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n\r\nThis advisory is distributed for educational purposes only with the sincere\r\nhope that it will help promote public safety. This advisory comes with\r\nabsolutely NO WARRANTY; not even the implied warranty of merchantability or\r\nfitness for a particular purpose. Neither Virtual Security Research, LLC nor\r\nthe author accepts any liability for any direct, indirect, or consequential\r\nloss or damage arising from use of, or reliance on, this information.\r\n\r\nSee the VSR disclosure policy for more information on our responsible\r\ndisclosure practices:\r\n http://www.vsecurity.com/company/disclosure\r\n\r\n=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\r\n Copyright 2012 Virtual Security Research, LLC. All rights reserved.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFPbfkKQ1RSUNR+T+gRAtqLAKCfiu/8wW49/Jtp9Q4+4VvRgXDvegCfcZZf\r\nl3N1P2JkzSJNnVZAuUqwBbs=\r\n=8Uwi\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:DOC:27872", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27872", "title": "CVE-2012-0037: libraptor - XXE in RDF/XML File Interpretation (Multiple office products affected)", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-0037"], "description": "It's possible to inject file via XML", "edition": 1, "modified": "2012-04-02T00:00:00", "published": "2012-04-02T00:00:00", "id": "SECURITYVULNS:VULN:12287", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12287", "title": "raptor library (libreoffice / openoffice) file injection", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:44", "bulletinFamily": "software", "cvelist": ["CVE-2012-0037"], "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2438-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMarch 22, 2012 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : raptor\r\nVulnerability : programming error\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE ID : CVE-2012-0037\r\n\r\nIt was discovered that Raptor, a RDF parser and serializer library,\r\nallows file inclusion through XML entities, resulting in information\r\ndisclosure.\r\n\r\nFor the stable distribution (squeeze), this problem has been fixed in\r\nversion 1.4.21-2+squeeze1.\r\n\r\nFor the unstable distribution (sid), this problem will be fixed soon.\r\n\r\nWe recommend that you upgrade your raptor packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niEYEARECAAYFAk9rVPkACgkQXm3vHE4uylq8aQCdF/Y2xxs+4R/d35s0NCEIA2nA\r\nxWcAoMvbz4NkFXUmj/FZQmkazp1tg8xC\r\n=Jhyh\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-03-26T00:00:00", "published": "2012-03-26T00:00:00", "id": "SECURITYVULNS:DOC:27835", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27835", "title": "[SECURITY] [DSA 2438-1] raptor security update", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program. OpenOffice.org\nembeds a copy of Raptor, which provides parsers for Resource Description\nFramework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If OpenOffice.org were to open a specially-crafted file (such\nas an OpenDocument Format or OpenDocument Presentation file), it could\npossibly allow a remote attacker to obtain a copy of an arbitrary local\nfile that the user running OpenOffice.org had access to. A bug in the way\nRaptor handled external entities could cause OpenOffice.org to crash or,\npossibly, execute arbitrary code with the privileges of the user running \nOpenOffice.org. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n", "modified": "2017-09-08T12:18:09", "published": "2012-03-22T04:00:00", "id": "RHSA-2012:0411", "href": "https://access.redhat.com/errata/RHSA-2012:0411", "type": "redhat", "title": "(RHSA-2012:0411) Important: openoffice.org security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-08-13T18:45:07", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Raptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If an application linked against Raptor were to open a \nspecially-crafted RDF file, it could possibly allow a remote attacker to \nobtain a copy of an arbitrary local file that the user running the\napplication had access to. A bug in the way Raptor handled external\nentities could cause that application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll Raptor users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against Raptor must be restarted for this update to take effect.\n", "modified": "2018-06-06T20:24:17", "published": "2012-03-22T04:00:00", "id": "RHSA-2012:0410", "href": "https://access.redhat.com/errata/RHSA-2012:0410", "type": "redhat", "title": "(RHSA-2012:0410) Important: raptor security update", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:37:02", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML \nexternal entities. If a user were tricked into opening a specially crafted \ndocument in an application linked against Raptor, an attacker could \npossibly obtain access to arbitrary files on the user's system or \npotentially execute arbitrary code with the privileges of the user invoking \nthe program.", "edition": 5, "modified": "2012-06-18T00:00:00", "published": "2012-06-18T00:00:00", "id": "USN-1480-1", "href": "https://ubuntu.com/security/notices/USN-1480-1", "title": "Raptor vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-02T11:36:17", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Timothy D. Morgan discovered that Raptor would unconditionally load XML \nexternal entities. If a user were tricked into opening a specially crafted \ndocument in an application linked against Raptor, an attacker could \npossibly obtain access to arbitrary files on the user's system or \npotentially execute arbitrary code with the privileges of the user invoking \nthe program.", "edition": 5, "modified": "2013-07-08T00:00:00", "published": "2013-07-08T00:00:00", "id": "USN-1901-1", "href": "https://ubuntu.com/security/notices/USN-1901-1", "title": "Raptor vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:28:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0410\n\n\nRaptor provides parsers for Resource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If an application linked against Raptor were to open a \nspecially-crafted RDF file, it could possibly allow a remote attacker to \nobtain a copy of an arbitrary local file that the user running the\napplication had access to. A bug in the way Raptor handled external\nentities could cause that application to crash or, possibly, execute\narbitrary code with the privileges of the user running the application.\n(CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll Raptor users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue. All running applications\nlinked against Raptor must be restarted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030556.html\n\n**Affected packages:**\nraptor\nraptor-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0410.html", "edition": 3, "modified": "2012-03-22T20:07:09", "published": "2012-03-22T20:07:09", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030556.html", "id": "CESA-2012:0410", "title": "raptor security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-20T18:26:06", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "**CentOS Errata and Security Advisory** CESA-2012:0411\n\n\nOpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program. OpenOffice.org\nembeds a copy of Raptor, which provides parsers for Resource Description\nFramework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor processed\nRDF files. If OpenOffice.org were to open a specially-crafted file (such\nas an OpenDocument Format or OpenDocument Presentation file), it could\npossibly allow a remote attacker to obtain a copy of an arbitrary local\nfile that the user running OpenOffice.org had access to. A bug in the way\nRaptor handled external entities could cause OpenOffice.org to crash or,\npossibly, execute arbitrary code with the privileges of the user running \nOpenOffice.org. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting this\nissue.\n\nAll OpenOffice.org users are advised to upgrade to these updated packages,\nwhich contain backported patches to correct this issue. All running\ninstances of OpenOffice.org applications must be restarted for this update\nto take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2012-March/030557.html\n\n**Affected packages:**\nopenoffice.org\nopenoffice.org-base\nopenoffice.org-calc\nopenoffice.org-core\nopenoffice.org-draw\nopenoffice.org-emailmerge\nopenoffice.org-graphicfilter\nopenoffice.org-headless\nopenoffice.org-impress\nopenoffice.org-javafilter\nopenoffice.org-langpack-af_ZA\nopenoffice.org-langpack-ar\nopenoffice.org-langpack-as_IN\nopenoffice.org-langpack-bg_BG\nopenoffice.org-langpack-bn\nopenoffice.org-langpack-ca_ES\nopenoffice.org-langpack-cs_CZ\nopenoffice.org-langpack-cy_GB\nopenoffice.org-langpack-da_DK\nopenoffice.org-langpack-de\nopenoffice.org-langpack-el_GR\nopenoffice.org-langpack-es\nopenoffice.org-langpack-et_EE\nopenoffice.org-langpack-eu_ES\nopenoffice.org-langpack-fi_FI\nopenoffice.org-langpack-fr\nopenoffice.org-langpack-ga_IE\nopenoffice.org-langpack-gl_ES\nopenoffice.org-langpack-gu_IN\nopenoffice.org-langpack-he_IL\nopenoffice.org-langpack-hi_IN\nopenoffice.org-langpack-hr_HR\nopenoffice.org-langpack-hu_HU\nopenoffice.org-langpack-it\nopenoffice.org-langpack-ja_JP\nopenoffice.org-langpack-kn_IN\nopenoffice.org-langpack-ko_KR\nopenoffice.org-langpack-lt_LT\nopenoffice.org-langpack-ml_IN\nopenoffice.org-langpack-mr_IN\nopenoffice.org-langpack-ms_MY\nopenoffice.org-langpack-nb_NO\nopenoffice.org-langpack-nl\nopenoffice.org-langpack-nn_NO\nopenoffice.org-langpack-nr_ZA\nopenoffice.org-langpack-nso_ZA\nopenoffice.org-langpack-or_IN\nopenoffice.org-langpack-pa_IN\nopenoffice.org-langpack-pl_PL\nopenoffice.org-langpack-pt_BR\nopenoffice.org-langpack-pt_PT\nopenoffice.org-langpack-ru\nopenoffice.org-langpack-sk_SK\nopenoffice.org-langpack-sl_SI\nopenoffice.org-langpack-sr_CS\nopenoffice.org-langpack-ss_ZA\nopenoffice.org-langpack-st_ZA\nopenoffice.org-langpack-sv\nopenoffice.org-langpack-ta_IN\nopenoffice.org-langpack-te_IN\nopenoffice.org-langpack-th_TH\nopenoffice.org-langpack-tn_ZA\nopenoffice.org-langpack-tr_TR\nopenoffice.org-langpack-ts_ZA\nopenoffice.org-langpack-ur\nopenoffice.org-langpack-ve_ZA\nopenoffice.org-langpack-xh_ZA\nopenoffice.org-langpack-zh_CN\nopenoffice.org-langpack-zh_TW\nopenoffice.org-langpack-zu_ZA\nopenoffice.org-math\nopenoffice.org-pyuno\nopenoffice.org-sdk\nopenoffice.org-sdk-doc\nopenoffice.org-testtools\nopenoffice.org-ure\nopenoffice.org-writer\nopenoffice.org-xsltfilter\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2012-0411.html", "edition": 3, "modified": "2012-03-23T18:34:12", "published": "2012-03-23T18:34:12", "href": "http://lists.centos.org/pipermail/centos-announce/2012-March/030557.html", "id": "CESA-2012:0411", "title": "openoffice.org security update", "type": "centos", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:24:03", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2438-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 22, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : raptor\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-0037\n\nIt was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your raptor packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-03-22T17:03:08", "published": "2012-03-22T17:03:08", "id": "DEBIAN:DSA-2438-1:5F194", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00066.html", "title": "[SECURITY] [DSA 2438-1] raptor security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:54:22", "description": "Bugtraq ID: 52681\r\nCVE ID\uff1aCVE-2012-0037\r\n\r\nOpenOffice\u662f\u4e00\u6b3e\u5f00\u653e\u6e90\u4ee3\u7801\u7684\u6587\u5b57\u5904\u7406\u7cfb\u7edf\r\n\r\nOpenOffice.org\u5b58\u5728\u4e00\u4e2aXML\u5916\u90e8\u5b9e\u4f53\u653b\u51fb\uff0c\u5904\u7406ODF\u6587\u6863\u4e2d\u67d0\u4e9bXML\u7ec4\u4ef6\u4e2d\u7684\u5916\u90e8\u5b9e\u4f53\u65f6\u5b58\u5728\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u5efa\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u5176\u4ed6\u672c\u5730\u6587\u4ef6\u7cfb\u7edf\u8d44\u6e90\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u65e0\u9700\u7528\u6237\u4ea4\u4e92\u628a\u672c\u5730\u5185\u5bb9\u6ce8\u5165\u5230ODF\u6587\u6863\u4e2d\uff0c\u5bfc\u81f4\u4fe1\u606f\u6cc4\u9732\n0\nOpenOffice 3.4 Beta\r\nOpenOffice 3.3\n\u5382\u5546\u89e3\u51b3\u65b9\u6848\r\n\r\n\r\n\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://www.openoffice.org/security/cves/CVE-2012-0037.html", "published": "2012-03-23T00:00:00", "type": "seebug", "title": "OpenOffice ODF\u6587\u6863\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-0037"], "modified": "2012-03-23T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-30216", "id": "SSV:30216", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:36:33", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "[1.4.18-5.1]\n- Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037)\n Resolves: rhbz#804496", "edition": 4, "modified": "2012-03-22T00:00:00", "published": "2012-03-22T00:00:00", "id": "ELSA-2012-0410", "href": "http://linux.oracle.com/errata/ELSA-2012-0410.html", "title": "raptor security update", "type": "oraclelinux", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "\nTimothy D. Morgan reports:\n\nIn December 2011, VSR identified a vulnerability in multiple open\n\t source office products (including OpenOffice, LibreOffice, KOffice,\n\t and AbiWord) due to unsafe interpretation of XML files with custom\n\t entity declarations. Deeper analysis revealed that the\n\t vulnerability was caused by acceptance of external entities by the\n\t libraptor library, which is used by librdf and is in turn used by\n\t these office products.\nIn the context of office applications, these vulnerabilities could\n\t allow for XML External Entity (XXE) attacks resulting in file theft\n\t and a loss of user privacy when opening potentially malicious ODF\n\t documents. For other applications which depend on librdf or\n\t libraptor, potentially serious consequences could result from\n\t accepting RDF/XML content from untrusted sources, though the impact\n\t may vary widely depending on the context.\n\n", "edition": 4, "modified": "2012-03-24T00:00:00", "published": "2012-03-24T00:00:00", "id": "60F81AF3-7690-11E1-9423-00235A5F2C9A", "href": "https://vuxml.freebsd.org/freebsd/60f81af3-7690-11e1-9423-00235a5f2c9a.html", "title": "raptor/raptor2 -- XXE in RDF/XML File Interpretation", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-01T06:39:42", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2013-07-09T00:00:00", "title": "Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libraptor2-0", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1901-1.NASL", "href": "https://www.tenable.com/plugins/nessus/67206", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1901-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67206);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2019/09/19 12:54:29\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"USN\", value:\"1901-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : raptor2 vulnerability (USN-1901-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1901-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraptor2-0 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libraptor2-0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libraptor2-0\", pkgver:\"2.0.6-1ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraptor2-0\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:30", "description": "new raptor2-2.0.7 release highlights :\n\n - CVE-2012-0037 fixed\n\n - Removed Expat support\n\n - Removed internal Unicode NFC code for better and\n optional ICU\n\n - Added options for denying file requests and XML entity\n loading\n\n - Added options for SSL certificate verifying\n\n - Fixed reported issues: 0000448 and 0000469\n\nSee also http://librdf.org/raptor/RELEASE.html#rel2_0_7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-04-12T00:00:00", "title": "Fedora 17 : raptor2-2.0.7-1.fc17 (2012-4629)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-04-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:raptor2", "cpe:/o:fedoraproject:fedora:17"], "id": "FEDORA_2012-4629.NASL", "href": "https://www.tenable.com/plugins/nessus/58696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4629.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58696);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"FEDORA\", value:\"2012-4629\");\n\n script_name(english:\"Fedora 17 : raptor2-2.0.7-1.fc17 (2012-4629)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new raptor2-2.0.7 release highlights :\n\n - CVE-2012-0037 fixed\n\n - Removed Expat support\n\n - Removed internal Unicode NFC code for better and\n optional ICU\n\n - Added options for denying file requests and XML entity\n loading\n\n - Added options for SSL certificate verifying\n\n - Fixed reported issues: 0000448 and 0000469\n\nSee also http://librdf.org/raptor/RELEASE.html#rel2_0_7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://librdf.org/raptor/RELEASE.html#rel2_0_7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=805944\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e9fefb10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected raptor2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:raptor2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"raptor2-2.0.7-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:30", "description": "new raptor2-2.0.7 release highlights :\n\n - CVE-2012-0037 fixed\n\n - Removed Expat support\n\n - Removed internal Unicode NFC code for better and\n optional ICU\n\n - Added options for denying file requests and XML entity\n loading\n\n - Added options for SSL certificate verifying\n\n - Fixed reported issues: 0000448 and 0000469\n\nSee also http://librdf.org/raptor/RELEASE.html#rel2_0_7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-04-13T00:00:00", "title": "Fedora 16 : raptor2-2.0.7-1.fc16 (2012-4663)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-04-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:raptor2", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-4663.NASL", "href": "https://www.tenable.com/plugins/nessus/58731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-4663.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58731);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"FEDORA\", value:\"2012-4663\");\n\n script_name(english:\"Fedora 16 : raptor2-2.0.7-1.fc16 (2012-4663)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"new raptor2-2.0.7 release highlights :\n\n - CVE-2012-0037 fixed\n\n - Removed Expat support\n\n - Removed internal Unicode NFC code for better and\n optional ICU\n\n - Added options for denying file requests and XML entity\n loading\n\n - Added options for SSL certificate verifying\n\n - Fixed reported issues: 0000448 and 0000469\n\nSee also http://librdf.org/raptor/RELEASE.html#rel2_0_7\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://librdf.org/raptor/RELEASE.html#rel2_0_7\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=805944\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8919399c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected raptor2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:raptor2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"raptor2-2.0.7-1.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor2\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T03:40:11", "description": "The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1\nthat has flaws in the way certain XML components are processed for\nexternal entities in ODF documents. These flaws can be utilized to\naccess and inject the content of local files into an ODF document\nwithout a user's knowledge or permission, or inject arbitrary code\nthat would be executed when opened by the user.", "edition": 24, "published": "2012-04-12T00:00:00", "title": "LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:libreoffice:libreoffice"], "id": "MACOSX_LIBREOFFICE_351.NASL", "href": "https://www.tenable.com/plugins/nessus/58725", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(58725);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/07/14 1:59:36\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n\n script_name(english:\"LibreOffice < 3.4.6 / 3.5.1 XML External Entity RDF Document Handling Information Disclosure (Mac OS X)\");\n script_summary(english:\"Checks if patch is installed\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is running an application affected by a data leakage\nvulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is running a version of LibreOffice < 3.4.6 / 3.5.1\nthat has flaws in the way certain XML components are processed for\nexternal entities in ODF documents. These flaws can be utilized to\naccess and inject the content of local files into an ODF document\nwithout a user's knowledge or permission, or inject arbitrary code\nthat would be executed when opened by the user.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.libreoffice.org/advisories/CVE-2012-0037/\");\n script_set_attribute(\n attribute:\"solution\",\n value:\"Upgrade to LibreOffice 3.4.6 / 3.5.1 or higher.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:libreoffice:libreoffice\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_libreoffice_installed.nasl\");\n script_require_keys(\"MacOSX/LibreOffice/Version\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nkb_base = \"MacOSX/LibreOffice\";\nget_kb_item_or_exit(kb_base+\"/Installed\");\npath = get_kb_item_or_exit(kb_base+\"/Path\", exit_code:1);\nversion = get_kb_item_or_exit(kb_base+\"/Version\", exit_code:1);\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (\n ver[0] < 3 ||\n (\n ver[0] == 3 &&\n (\n ver[1] < 4 ||\n (ver[1] == 4 && ver[2] < 6) || # < 3.4.6\n (ver[1] == 5 && ver[2] < 1) # < 3.5.1\n )\n )\n )\n)\n{\n if (report_verbosity > 0)\n {\n report = \n '\\n Path : ' + path + \n '\\n Installed version : ' + version + \n '\\n Fixed version : 3.4.6 / 3.5.1\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The LibreOffice \"+version+\" install under \"+path+\" is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:09:53", "description": "This is new version of package that fixes CVE-2012-0037.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2012-07-31T00:00:00", "title": "Fedora 17 : raptor-1.4.21-12.fc17 (2012-10591)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-07-31T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:raptor"], "id": "FEDORA_2012-10591.NASL", "href": "https://www.tenable.com/plugins/nessus/60158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-10591.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(60158);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"FEDORA\", value:\"2012-10591\");\n\n script_name(english:\"Fedora 17 : raptor-1.4.21-12.fc17 (2012-10591)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is new version of package that fixes CVE-2012-0037.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=805941\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-July/084481.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fe6964a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected raptor package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"raptor-1.4.21-12.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-01T06:37:59", "description": "Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2012-06-19T00:00:00", "title": "Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : raptor vulnerability (USN-1480-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:11.10", "cpe:/o:canonical:ubuntu_linux:11.04", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libraptor1", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-1480-1.NASL", "href": "https://www.tenable.com/plugins/nessus/59567", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1480-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(59567);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2019/09/19 12:54:28\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"USN\", value:\"1480-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : raptor vulnerability (USN-1480-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Timothy D. Morgan discovered that Raptor would unconditionally load\nXML external entities. If a user were tricked into opening a specially\ncrafted document in an application linked against Raptor, an attacker\ncould possibly obtain access to arbitrary files on the user's system\nor potentially execute arbitrary code with the privileges of the user\ninvoking the program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1480-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libraptor1 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libraptor1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:11.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|11\\.04|11\\.10|12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 11.04 / 11.10 / 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"11.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"11.10\", pkgname:\"libraptor1\", pkgver:\"1.4.21-5ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libraptor1\", pkgver:\"1.4.21-7ubuntu0.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libraptor1\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T14:41:24", "description": "Specially crafted XML files could have allowed XML External Entity\n(XXE) attacks resulting in file theft and a loss of user privacy. This\nhas been fixed.", "edition": 17, "published": "2012-03-26T00:00:00", "title": "SuSE 11.1 Security Update : libraptor (SAT Patch Number 5836)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-03-26T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:raptor", "p-cpe:/a:novell:suse_linux:11:libraptor1", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_LIBRAPTOR-DEVEL-120217.NASL", "href": "https://www.tenable.com/plugins/nessus/58479", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58479);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-0037\");\n\n script_name(english:\"SuSE 11.1 Security Update : libraptor (SAT Patch Number 5836)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted XML files could have allowed XML External Entity\n(XXE) attacks resulting in file theft and a loss of user privacy. This\nhas been fixed.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=745298\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2012-0037.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5836.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:libraptor1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"raptor-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"raptor-1.4.18-28.23.2\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:1, reference:\"libraptor1-1.4.18-28.23.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:27:36", "description": "Updated raptor packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF)\nfiles.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If an application linked against Raptor were to\nopen a specially crafted RDF file, it could possibly allow a remote\nattacker to obtain a copy of an arbitrary local file that the user\nrunning the application had access to. A bug in the way Raptor handled\nexternal entities could cause that application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting\nthis issue.\n\nAll Raptor users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications linked against Raptor must be restarted for this update\nto take effect.", "edition": 24, "published": "2012-03-26T00:00:00", "title": "CentOS 6 : raptor (CESA-2012:0410)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-03-26T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:raptor-devel", "p-cpe:/a:centos:centos:raptor"], "id": "CENTOS_RHSA-2012-0410.NASL", "href": "https://www.tenable.com/plugins/nessus/58457", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0410 and \n# CentOS Errata and Security Advisory 2012:0410 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58457);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"RHSA\", value:\"2012:0410\");\n\n script_name(english:\"CentOS 6 : raptor (CESA-2012:0410)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated raptor packages that fix one security issue are now available\nfor Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nimportant security impact. A Common Vulnerability Scoring System\n(CVSS) base score, which gives a detailed severity rating, is\navailable from the CVE link in the References section.\n\nRaptor provides parsers for Resource Description Framework (RDF)\nfiles.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If an application linked against Raptor were to\nopen a specially crafted RDF file, it could possibly allow a remote\nattacker to obtain a copy of an arbitrary local file that the user\nrunning the application had access to. A bug in the way Raptor handled\nexternal entities could cause that application to crash or, possibly,\nexecute arbitrary code with the privileges of the user running the\napplication. (CVE-2012-0037)\n\nRed Hat would like to thank Timothy D. Morgan of VSR for reporting\nthis issue.\n\nAll Raptor users are advised to upgrade to these updated packages,\nwhich contain a backported patch to correct this issue. All running\napplications linked against Raptor must be restarted for this update\nto take effect.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2012-March/018518.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?230b835e\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected raptor packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2012-0037\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:raptor-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"raptor-1.4.18-5.el6_2.1\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"raptor-devel-1.4.18-5.el6_2.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"raptor / raptor-devel\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T13:46:29", "description": "OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\nOpenOffice.org embeds a copy of Raptor, which provides parsers for\nResource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If OpenOffice.org were to open a specially\ncrafted file (such as an OpenDocument Format or OpenDocument\nPresentation file), it could possibly allow a remote attacker to\nobtain a copy of an arbitrary local file that the user running\nOpenOffice.org had access to. A bug in the way Raptor handled external\nentities could cause OpenOffice.org to crash or, possibly, execute\narbitrary code with the privileges of the user running OpenOffice.org.\n(CVE-2012-0037)\n\nAll OpenOffice.org users are advised to upgrade to these updated\npackages, which contain backported patches to correct this issue. All\nrunning instances of OpenOffice.org applications must be restarted for\nthis update to take effect.", "edition": 14, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 (20120322)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-bg_BG", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-gl_ES", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ca_ES", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-he_IL", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sk_SK", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-base", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-headless", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-calc", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-st_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-cs_CZ", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ta_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zu_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ar", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-tn_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-mr_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nso_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pt_BR", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-da_DK", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-impress", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-cy_GB", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-kn_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-testtools", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pt_PT", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-te_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-draw", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nb_NO", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-th_TH", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hr_HR", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-de", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ts_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sr_CS", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-writer", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-bn", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-es", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-et_EE", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ja_JP", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zh_CN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ru", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nr_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-math", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-af_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-gu_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hu_HU", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ur", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-or_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ko_KR", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pl_PL", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-emailmerge", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-xh_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-as_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-javafilter", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-sdk", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-lt_LT", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ms_MY", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-debuginfo", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hi_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ga_IE", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-tr_TR", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ve_ZA", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pa_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sv", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-fi_FI", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-core", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ss_ZA", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-it", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nn_NO", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zh_TW", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-el_GR", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-pyuno", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nl", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-graphicfilter", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-xsltfilter", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ml_IN", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-ure", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-eu_ES", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-fr", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-sdk-doc", "p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sl_SI"], "id": "SL_20120322_OPENOFFICE_ORG_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61287);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2012-0037\");\n\n script_name(english:\"Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64 (20120322)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"OpenOffice.org is an office productivity suite that includes desktop\napplications, such as a word processor, spreadsheet application,\npresentation manager, formula editor, and a drawing program.\nOpenOffice.org embeds a copy of Raptor, which provides parsers for\nResource Description Framework (RDF) files.\n\nAn XML External Entity expansion flaw was found in the way Raptor\nprocessed RDF files. If OpenOffice.org were to open a specially\ncrafted file (such as an OpenDocument Format or OpenDocument\nPresentation file), it could possibly allow a remote attacker to\nobtain a copy of an arbitrary local file that the user running\nOpenOffice.org had access to. A bug in the way Raptor handled external\nentities could cause OpenOffice.org to crash or, possibly, execute\narbitrary code with the privileges of the user running OpenOffice.org.\n(CVE-2012-0037)\n\nAll OpenOffice.org users are advised to upgrade to these updated\npackages, which contain backported patches to correct this issue. All\nrunning instances of OpenOffice.org applications must be restarted for\nthis update to take effect.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=4437\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?496d5f23\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-calc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-draw\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-emailmerge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-graphicfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-impress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-javafilter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-af_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-as_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-bg_BG\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-bn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ca_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-cs_CZ\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-cy_GB\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-da_DK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-el_GR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-et_EE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-eu_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-fi_FI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ga_IE\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-gl_ES\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-gu_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-he_IL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hi_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hr_HR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-hu_HU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ja_JP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-kn_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ko_KR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-lt_LT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ml_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-mr_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ms_MY\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nb_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nn_NO\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nr_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-nso_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-or_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pa_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pl_PL\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pt_BR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-pt_PT\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sk_SK\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sl_SI\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sr_CS\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ss_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-st_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ta_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-te_IN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-th_TH\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-tn_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-tr_TR\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ts_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ur\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-ve_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-xh_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-langpack-zu_ZA\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-math\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-pyuno\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-sdk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-sdk-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-testtools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-ure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-writer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:openoffice.org-xsltfilter\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-base-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-calc-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-core-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-debuginfo-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-draw-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-emailmerge-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-graphicfilter-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-headless-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-impress-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-javafilter-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-af_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ar-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-as_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-bg_BG-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-bn-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ca_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-cs_CZ-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-cy_GB-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-da_DK-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-de-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-el_GR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-es-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-et_EE-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-eu_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-fi_FI-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-fr-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ga_IE-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-gl_ES-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-gu_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-he_IL-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-hi_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-hr_HR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-hu_HU-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-it-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ja_JP-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-kn_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ko_KR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-lt_LT-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ml_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-mr_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ms_MY-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-nb_NO-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-nl-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-nn_NO-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-nr_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-nso_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-or_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-pa_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-pl_PL-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-pt_BR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-pt_PT-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ru-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-sk_SK-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-sl_SI-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-sr_CS-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ss_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-st_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-sv-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ta_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-te_IN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-th_TH-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-tn_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-tr_TR-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ts_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ur-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-ve_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-xh_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-zh_CN-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-zh_TW-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-langpack-zu_ZA-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-math-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-pyuno-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-sdk-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-sdk-doc-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-testtools-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-ure-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-writer-3.1.1-19.10.el5_8.1\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"openoffice.org-xsltfilter-3.1.1-19.10.el5_8.1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openoffice.org-base / openoffice.org-calc / openoffice.org-core / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:47:22", "description": "It was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.", "edition": 16, "published": "2012-03-23T00:00:00", "title": "Debian DSA-2438-1 : raptor - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "modified": "2012-03-23T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:raptor"], "id": "DEBIAN_DSA-2438.NASL", "href": "https://www.tenable.com/plugins/nessus/58436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2438. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58436);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-0037\");\n script_bugtraq_id(52681);\n script_xref(name:\"DSA\", value:\"2438\");\n\n script_name(english:\"Debian DSA-2438-1 : raptor - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/raptor\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2438\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the raptor packages.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:raptor\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-dbg\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-dev\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"libraptor1-doc\", reference:\"1.4.21-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"raptor-utils\", reference:\"1.4.21-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2018-01-18T11:08:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of raptor2", "modified": "2018-01-17T00:00:00", "published": "2013-07-09T00:00:00", "id": "OPENVAS:841501", "href": "http://plugins.openvas.org/nasl.php?oid=841501", "type": "openvas", "title": "Ubuntu Update for raptor2 USN-1901-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1901_1.nasl 8448 2018-01-17 16:18:06Z teissa $\n#\n# Ubuntu Update for raptor2 USN-1901-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"raptor2 on Ubuntu 12.04 LTS\";\ntag_insight = \"Timothy D. Morgan discovered that Raptor would unconditionally load XML\n external entities. If a user were tricked into opening a specially crafted\n document in an application linked against Raptor, an attacker could\n possibly obtain access to arbitrary files on the user's system or\n potentially execute arbitrary code with the privileges of the user invoking\n the program.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\nif(description)\n{\n script_id(841501);\n script_version(\"$Revision: 8448 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:18:06 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-07-09 15:51:04 +0530 (Tue, 09 Jul 2013)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Ubuntu Update for raptor2 USN-1901-1\");\n\n script_xref(name: \"USN\", value: \"1901-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1901-1/\");\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libraptor2-0\", ver:\"2.0.6-1ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2012-07-09T00:00:00", "id": "OPENVAS:1361412562310870721", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870721", "type": "openvas", "title": "RedHat Update for raptor RHSA-2012:0410-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for raptor RHSA-2012:0410-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-March/msg00016.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870721\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-09 10:53:26 +0530 (Mon, 09 Jul 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0037\");\n script_xref(name:\"RHSA\", value:\"2012:0410-01\");\n script_name(\"RedHat Update for raptor RHSA-2012:0410-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'raptor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"raptor on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Raptor provides parsers for Resource Description Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If an application linked against Raptor were to open a\n specially-crafted RDF file, it could possibly allow a remote attacker to\n obtain a copy of an arbitrary local file that the user running the\n application had access to. A bug in the way Raptor handled external\n entities could cause that application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-0037)\n\n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n\n All Raptor users are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running applications\n linked against Raptor must be restarted for this update to take effect.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~5.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor-debuginfo\", rpm:\"raptor-debuginfo~1.4.18~5.el6_2.1\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:37", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831599", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831599", "type": "openvas", "title": "Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:063\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831599\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:42 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:063\");\n script_name(\"Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'libreoffice'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"libreoffice on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"An XML External Entity expansion flaw was found in the way Raptor\n processed RDF files. If an application linked against Raptor were to\n open a specially-crafted RDF file, it could possibly allow a remote\n attacker to obtain a copy of an arbitrary local file that the user\n running the application had access to. A bug in the way Raptor handled\n external entities could cause that application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application (CVE-2012-0037).\n\n libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6\n version which is not vulnerable to this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libreoffice\", rpm:\"libreoffice~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-base\", rpm:\"libreoffice-base~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-calc\", rpm:\"libreoffice-calc~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-common\", rpm:\"libreoffice-common~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-core\", rpm:\"libreoffice-core~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-devel\", rpm:\"libreoffice-devel~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-devel-doc\", rpm:\"libreoffice-devel-doc~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-draw\", rpm:\"libreoffice-draw~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-filter-binfilter\", rpm:\"libreoffice-filter-binfilter~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-gnome\", rpm:\"libreoffice-gnome~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bg\", rpm:\"libreoffice-help-bg~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bn\", rpm:\"libreoffice-help-bn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bs\", rpm:\"libreoffice-help-bs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ca\", rpm:\"libreoffice-help-ca~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-cs\", rpm:\"libreoffice-help-cs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-da\", rpm:\"libreoffice-help-da~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-de\", rpm:\"libreoffice-help-de~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-dz\", rpm:\"libreoffice-help-dz~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-el\", rpm:\"libreoffice-help-el~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-en_GB\", rpm:\"libreoffice-help-en_GB~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-en_US\", rpm:\"libreoffice-help-en_US~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-es\", rpm:\"libreoffice-help-es~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-et\", rpm:\"libreoffice-help-et~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-eu\", rpm:\"libreoffice-help-eu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-fi\", rpm:\"libreoffice-help-fi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-fr\", rpm:\"libreoffice-help-fr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-gl\", rpm:\"libreoffice-help-gl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-gu\", rpm:\"libreoffice-help-gu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-he\", rpm:\"libreoffice-help-he~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hi\", rpm:\"libreoffice-help-hi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hr\", rpm:\"libreoffice-help-hr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hu\", rpm:\"libreoffice-help-hu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-it\", rpm:\"libreoffice-help-it~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ja\", rpm:\"libreoffice-help-ja~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ko\", rpm:\"libreoffice-help-ko~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-mk\", rpm:\"libreoffice-help-mk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nb\", rpm:\"libreoffice-help-nb~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nl\", rpm:\"libreoffice-help-nl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nn\", rpm:\"libreoffice-help-nn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pl\", rpm:\"libreoffice-help-pl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pt\", rpm:\"libreoffice-help-pt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pt_BR\", rpm:\"libreoffice-help-pt_BR~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ru\", rpm:\"libreoffice-help-ru~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-si\", rpm:\"libreoffice-help-si~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sk\", rpm:\"libreoffice-help-sk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sl\", rpm:\"libreoffice-help-sl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sv\", rpm:\"libreoffice-help-sv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-tr\", rpm:\"libreoffice-help-tr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-uk\", rpm:\"libreoffice-help-uk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-zh_CN\", rpm:\"libreoffice-help-zh_CN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-zh_TW\", rpm:\"libreoffice-help-zh_TW~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-impress\", rpm:\"libreoffice-impress~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-java-common\", rpm:\"libreoffice-java-common~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-kde4\", rpm:\"libreoffice-kde4~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-af\", rpm:\"libreoffice-l10n-af~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ar\", rpm:\"libreoffice-l10n-ar~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-as\", rpm:\"libreoffice-l10n-as~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bg\", rpm:\"libreoffice-l10n-bg~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bn\", rpm:\"libreoffice-l10n-bn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-br\", rpm:\"libreoffice-l10n-br~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bs\", rpm:\"libreoffice-l10n-bs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ca\", rpm:\"libreoffice-l10n-ca~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-cs\", rpm:\"libreoffice-l10n-cs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-cy\", rpm:\"libreoffice-l10n-cy~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-da\", rpm:\"libreoffice-l10n-da~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-de\", rpm:\"libreoffice-l10n-de~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-dz\", rpm:\"libreoffice-l10n-dz~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-el\", rpm:\"libreoffice-l10n-el~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-en_GB\", rpm:\"libreoffice-l10n-en_GB~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-es\", rpm:\"libreoffice-l10n-es~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-et\", rpm:\"libreoffice-l10n-et~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-eu\", rpm:\"libreoffice-l10n-eu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fa\", rpm:\"libreoffice-l10n-fa~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fi\", rpm:\"libreoffice-l10n-fi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fr\", rpm:\"libreoffice-l10n-fr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ga\", rpm:\"libreoffice-l10n-ga~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-gl\", rpm:\"libreoffice-l10n-gl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-gu\", rpm:\"libreoffice-l10n-gu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-he\", rpm:\"libreoffice-l10n-he~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hi\", rpm:\"libreoffice-l10n-hi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hr\", rpm:\"libreoffice-l10n-hr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hu\", rpm:\"libreoffice-l10n-hu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-it\", rpm:\"libreoffice-l10n-it~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ja\", rpm:\"libreoffice-l10n-ja~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-kn\", rpm:\"libreoffice-l10n-kn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ko\", rpm:\"libreoffice-l10n-ko~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-lt\", rpm:\"libreoffice-l10n-lt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-lv\", rpm:\"libreoffice-l10n-lv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mai\", rpm:\"libreoffice-l10n-mai~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mk\", rpm:\"libreoffice-l10n-mk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ml\", rpm:\"libreoffice-l10n-ml~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mr\", rpm:\"libreoffice-l10n-mr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nb\", rpm:\"libreoffice-l10n-nb~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nl\", rpm:\"libreoffice-l10n-nl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nn\", rpm:\"libreoffice-l10n-nn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nr\", rpm:\"libreoffice-l10n-nr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nso\", rpm:\"libreoffice-l10n-nso~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-or\", rpm:\"libreoffice-l10n-or~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pa_IN\", rpm:\"libreoffice-l10n-pa_IN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pl\", rpm:\"libreoffice-l10n-pl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pt\", rpm:\"libreoffice-l10n-pt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pt_BR\", rpm:\"libreoffice-l10n-pt_BR~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ro\", rpm:\"libreoffice-l10n-ro~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ru\", rpm:\"libreoffice-l10n-ru~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sh\", rpm:\"libreoffice-l10n-sh~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-si\", rpm:\"libreoffice-l10n-si~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sk\", rpm:\"libreoffice-l10n-sk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sl\", rpm:\"libreoffice-l10n-sl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sr\", rpm:\"libreoffice-l10n-sr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ss\", rpm:\"libreoffice-l10n-ss~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-st\", rpm:\"libreoffice-l10n-st~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sv\", rpm:\"libreoffice-l10n-sv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ta\", rpm:\"libreoffice-l10n-ta~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-te\", rpm:\"libreoffice-l10n-te~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-th\", rpm:\"libreoffice-l10n-th~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-tn\", rpm:\"libreoffice-l10n-tn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-tr\", rpm:\"libreoffice-l10n-tr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ts\", rpm:\"libreoffice-l10n-ts~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-uk\", rpm:\"libreoffice-l10n-uk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ve\", rpm:\"libreoffice-l10n-ve~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-xh\", rpm:\"libreoffice-l10n-xh~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zh_CN\", rpm:\"libreoffice-l10n-zh_CN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zh_TW\", rpm:\"libreoffice-l10n-zh_TW~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zu\", rpm:\"libreoffice-l10n-zu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-math\", rpm:\"libreoffice-math~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-openclipart\", rpm:\"libreoffice-openclipart~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-pdfimport\", rpm:\"libreoffice-pdfimport~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-presentation-minimizer\", rpm:\"libreoffice-presentation-minimizer~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-presenter-screen\", rpm:\"libreoffice-presenter-screen~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-pyuno\", rpm:\"libreoffice-pyuno~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-crystal\", rpm:\"libreoffice-style-crystal~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-galaxy\", rpm:\"libreoffice-style-galaxy~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-hicontrast\", rpm:\"libreoffice-style-hicontrast~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-oxygen\", rpm:\"libreoffice-style-oxygen~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-tango\", rpm:\"libreoffice-style-tango~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-testtool\", rpm:\"libreoffice-testtool~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-wiki-publisher\", rpm:\"libreoffice-wiki-publisher~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-writer\", rpm:\"libreoffice-writer~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-11T11:07:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of libreoffice", "modified": "2018-01-09T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831599", "href": "http://plugins.openvas.org/nasl.php?oid=831599", "type": "openvas", "title": "Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An XML External Entity expansion flaw was found in the way Raptor\n processed RDF files. If an application linked against Raptor were to\n open a specially-crafted RDF file, it could possibly allow a remote\n attacker to obtain a copy of an arbitrary local file that the user\n running the application had access to. A bug in the way Raptor handled\n external entities could cause that application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application (CVE-2012-0037).\n\n libreoffice for Mandriva Linux 2011 has been upgraded to the 3.4.6\n version which is not vulnerable to this issue.\";\n\ntag_affected = \"libreoffice on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:063\");\n script_id(831599);\n script_version(\"$Revision: 8336 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-09 08:01:48 +0100 (Tue, 09 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:52:42 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:063\");\n script_name(\"Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of libreoffice\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libreoffice\", rpm:\"libreoffice~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-base\", rpm:\"libreoffice-base~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-calc\", rpm:\"libreoffice-calc~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-common\", rpm:\"libreoffice-common~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-core\", rpm:\"libreoffice-core~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-devel\", rpm:\"libreoffice-devel~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-devel-doc\", rpm:\"libreoffice-devel-doc~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-draw\", rpm:\"libreoffice-draw~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-filter-binfilter\", rpm:\"libreoffice-filter-binfilter~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-gnome\", rpm:\"libreoffice-gnome~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bg\", rpm:\"libreoffice-help-bg~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bn\", rpm:\"libreoffice-help-bn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-bs\", rpm:\"libreoffice-help-bs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ca\", rpm:\"libreoffice-help-ca~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-cs\", rpm:\"libreoffice-help-cs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-da\", rpm:\"libreoffice-help-da~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-de\", rpm:\"libreoffice-help-de~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-dz\", rpm:\"libreoffice-help-dz~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-el\", rpm:\"libreoffice-help-el~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-en_GB\", rpm:\"libreoffice-help-en_GB~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-en_US\", rpm:\"libreoffice-help-en_US~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-es\", rpm:\"libreoffice-help-es~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-et\", rpm:\"libreoffice-help-et~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-eu\", rpm:\"libreoffice-help-eu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-fi\", rpm:\"libreoffice-help-fi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-fr\", rpm:\"libreoffice-help-fr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-gl\", rpm:\"libreoffice-help-gl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-gu\", rpm:\"libreoffice-help-gu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-he\", rpm:\"libreoffice-help-he~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hi\", rpm:\"libreoffice-help-hi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hr\", rpm:\"libreoffice-help-hr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-hu\", rpm:\"libreoffice-help-hu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-it\", rpm:\"libreoffice-help-it~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ja\", rpm:\"libreoffice-help-ja~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ko\", rpm:\"libreoffice-help-ko~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-mk\", rpm:\"libreoffice-help-mk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nb\", rpm:\"libreoffice-help-nb~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nl\", rpm:\"libreoffice-help-nl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-nn\", rpm:\"libreoffice-help-nn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pl\", rpm:\"libreoffice-help-pl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pt\", rpm:\"libreoffice-help-pt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-pt_BR\", rpm:\"libreoffice-help-pt_BR~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-ru\", rpm:\"libreoffice-help-ru~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-si\", rpm:\"libreoffice-help-si~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sk\", rpm:\"libreoffice-help-sk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sl\", rpm:\"libreoffice-help-sl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-sv\", rpm:\"libreoffice-help-sv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-tr\", rpm:\"libreoffice-help-tr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-uk\", rpm:\"libreoffice-help-uk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-zh_CN\", rpm:\"libreoffice-help-zh_CN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-help-zh_TW\", rpm:\"libreoffice-help-zh_TW~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-impress\", rpm:\"libreoffice-impress~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-java-common\", rpm:\"libreoffice-java-common~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-kde4\", rpm:\"libreoffice-kde4~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-af\", rpm:\"libreoffice-l10n-af~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ar\", rpm:\"libreoffice-l10n-ar~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-as\", rpm:\"libreoffice-l10n-as~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bg\", rpm:\"libreoffice-l10n-bg~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bn\", rpm:\"libreoffice-l10n-bn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-br\", rpm:\"libreoffice-l10n-br~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-bs\", rpm:\"libreoffice-l10n-bs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ca\", rpm:\"libreoffice-l10n-ca~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-cs\", rpm:\"libreoffice-l10n-cs~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-cy\", rpm:\"libreoffice-l10n-cy~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-da\", rpm:\"libreoffice-l10n-da~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-de\", rpm:\"libreoffice-l10n-de~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-dz\", rpm:\"libreoffice-l10n-dz~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-el\", rpm:\"libreoffice-l10n-el~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-en_GB\", rpm:\"libreoffice-l10n-en_GB~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-es\", rpm:\"libreoffice-l10n-es~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-et\", rpm:\"libreoffice-l10n-et~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-eu\", rpm:\"libreoffice-l10n-eu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fa\", rpm:\"libreoffice-l10n-fa~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fi\", rpm:\"libreoffice-l10n-fi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-fr\", rpm:\"libreoffice-l10n-fr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ga\", rpm:\"libreoffice-l10n-ga~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-gl\", rpm:\"libreoffice-l10n-gl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-gu\", rpm:\"libreoffice-l10n-gu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-he\", rpm:\"libreoffice-l10n-he~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hi\", rpm:\"libreoffice-l10n-hi~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hr\", rpm:\"libreoffice-l10n-hr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-hu\", rpm:\"libreoffice-l10n-hu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-it\", rpm:\"libreoffice-l10n-it~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ja\", rpm:\"libreoffice-l10n-ja~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-kn\", rpm:\"libreoffice-l10n-kn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ko\", rpm:\"libreoffice-l10n-ko~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-lt\", rpm:\"libreoffice-l10n-lt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-lv\", rpm:\"libreoffice-l10n-lv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mai\", rpm:\"libreoffice-l10n-mai~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mk\", rpm:\"libreoffice-l10n-mk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ml\", rpm:\"libreoffice-l10n-ml~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-mr\", rpm:\"libreoffice-l10n-mr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nb\", rpm:\"libreoffice-l10n-nb~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nl\", rpm:\"libreoffice-l10n-nl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nn\", rpm:\"libreoffice-l10n-nn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nr\", rpm:\"libreoffice-l10n-nr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-nso\", rpm:\"libreoffice-l10n-nso~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-or\", rpm:\"libreoffice-l10n-or~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pa_IN\", rpm:\"libreoffice-l10n-pa_IN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pl\", rpm:\"libreoffice-l10n-pl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pt\", rpm:\"libreoffice-l10n-pt~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-pt_BR\", rpm:\"libreoffice-l10n-pt_BR~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ro\", rpm:\"libreoffice-l10n-ro~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ru\", rpm:\"libreoffice-l10n-ru~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sh\", rpm:\"libreoffice-l10n-sh~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-si\", rpm:\"libreoffice-l10n-si~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sk\", rpm:\"libreoffice-l10n-sk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sl\", rpm:\"libreoffice-l10n-sl~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sr\", rpm:\"libreoffice-l10n-sr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ss\", rpm:\"libreoffice-l10n-ss~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-st\", rpm:\"libreoffice-l10n-st~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-sv\", rpm:\"libreoffice-l10n-sv~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ta\", rpm:\"libreoffice-l10n-ta~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-te\", rpm:\"libreoffice-l10n-te~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-th\", rpm:\"libreoffice-l10n-th~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-tn\", rpm:\"libreoffice-l10n-tn~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-tr\", rpm:\"libreoffice-l10n-tr~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ts\", rpm:\"libreoffice-l10n-ts~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-uk\", rpm:\"libreoffice-l10n-uk~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-ve\", rpm:\"libreoffice-l10n-ve~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-xh\", rpm:\"libreoffice-l10n-xh~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zh_CN\", rpm:\"libreoffice-l10n-zh_CN~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zh_TW\", rpm:\"libreoffice-l10n-zh_TW~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-l10n-zu\", rpm:\"libreoffice-l10n-zu~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-math\", rpm:\"libreoffice-math~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-openclipart\", rpm:\"libreoffice-openclipart~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-pdfimport\", rpm:\"libreoffice-pdfimport~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-presentation-minimizer\", rpm:\"libreoffice-presentation-minimizer~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-presenter-screen\", rpm:\"libreoffice-presenter-screen~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-pyuno\", rpm:\"libreoffice-pyuno~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-crystal\", rpm:\"libreoffice-style-crystal~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-galaxy\", rpm:\"libreoffice-style-galaxy~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-hicontrast\", rpm:\"libreoffice-style-hicontrast~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-oxygen\", rpm:\"libreoffice-style-oxygen~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-style-tango\", rpm:\"libreoffice-style-tango~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-testtool\", rpm:\"libreoffice-testtool~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-wiki-publisher\", rpm:\"libreoffice-wiki-publisher~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libreoffice-writer\", rpm:\"libreoffice-writer~3.4.6~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2017-07-24T12:51:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "The remote host is missing an update to raptor\nannounced via advisory DSA 2438-1.", "modified": "2017-07-07T00:00:00", "published": "2012-04-30T00:00:00", "id": "OPENVAS:71242", "href": "http://plugins.openvas.org/nasl.php?oid=71242", "type": "openvas", "title": "Debian Security Advisory DSA 2438-1 (raptor)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2438_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2438-1 (raptor)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that Raptor, a RDF parser and serializer library,\nallows file inclusion through XML entities, resulting in information\ndisclosure.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 1.4.21-2+squeeze1.\n\nFor the unstable distribution (sid), this problem will be fixed soon.\n\nWe recommend that you upgrade your raptor packages.\";\ntag_summary = \"The remote host is missing an update to raptor\nannounced via advisory DSA 2438-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202438-1\";\n\nif(description)\n{\n script_id(71242);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0037\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-30 07:54:59 -0400 (Mon, 30 Apr 2012)\");\n script_name(\"Debian Security Advisory DSA 2438-1 (raptor)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libraptor1\", ver:\"1.4.21-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libraptor1-dbg\", ver:\"1.4.21-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libraptor1-dev\", ver:\"1.4.21-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libraptor1-doc\", ver:\"1.4.21-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"raptor-utils\", ver:\"1.4.21-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:1361412562310831642", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831642", "type": "openvas", "title": "Mandriva Update for raptor MDVSA-2012:061 (raptor)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for raptor MDVSA-2012:061 (raptor)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:061\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831642\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:01 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:061\");\n script_name(\"Mandriva Update for raptor MDVSA-2012:061 (raptor)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'raptor'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2|2010\\.1)\");\n script_tag(name:\"affected\", value:\"raptor on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"An XML External Entity expansion flaw was found in the way Raptor\n processed RDF files. If an application linked against Raptor were to\n open a specially-crafted RDF file, it could possibly allow a remote\n attacker to obtain a copy of an arbitrary local file that the user\n running the application had access to. A bug in the way Raptor handled\n external entities could cause that application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application (CVE-2012-0037).\n\n The updated packages have been patched to correct this issue.\n\n raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version\n which is not vulnerable to this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor2_0\", rpm:\"libraptor2_0~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor2-devel\", rpm:\"libraptor2-devel~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor2_0\", rpm:\"lib64raptor2_0~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor2-devel\", rpm:\"lib64raptor2-devel~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:57:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of raptor", "modified": "2018-01-01T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:831642", "href": "http://plugins.openvas.org/nasl.php?oid=831642", "type": "openvas", "title": "Mandriva Update for raptor MDVSA-2012:061 (raptor)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for raptor MDVSA-2012:061 (raptor)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"An XML External Entity expansion flaw was found in the way Raptor\n processed RDF files. If an application linked against Raptor were to\n open a specially-crafted RDF file, it could possibly allow a remote\n attacker to obtain a copy of an arbitrary local file that the user\n running the application had access to. A bug in the way Raptor handled\n external entities could cause that application to crash or, possibly,\n execute arbitrary code with the privileges of the user running the\n application (CVE-2012-0037).\n\n The updated packages have been patched to correct this issue.\n\n raptor2 for Mandriva Linux 2011 has been upgraded to the 2.0.7 version\n which is not vulnerable to this issue.\";\n\ntag_affected = \"raptor on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2,\n Mandriva Linux 2010.1\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:061\");\n script_id(831642);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 09:58:01 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"MDVSA\", value: \"2012:061\");\n script_name(\"Mandriva Update for raptor MDVSA-2012:061 (raptor)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor2_0\", rpm:\"libraptor2_0~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor2-devel\", rpm:\"libraptor2-devel~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor2_0\", rpm:\"lib64raptor2_0~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor2-devel\", rpm:\"lib64raptor2-devel~2.0.7~0.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.21~5.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.18~3.1mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"MNDK_2010.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"libraptor1\", rpm:\"libraptor1~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"libraptor-devel\", rpm:\"libraptor-devel~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor1\", rpm:\"lib64raptor1~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"lib64raptor-devel\", rpm:\"lib64raptor-devel~1.4.21~5.1mdv2010.2\", rls:\"MNDK_2010.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:57:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of raptor", "modified": "2018-01-02T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:881120", "href": "http://plugins.openvas.org/nasl.php?oid=881120", "type": "openvas", "title": "CentOS Update for raptor CESA-2012:0410 centos6 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for raptor CESA-2012:0410 centos6 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Raptor provides parsers for Resource Description Framework (RDF) files.\n\n An XML External Entity expansion flaw was found in the way Raptor processed\n RDF files. If an application linked against Raptor were to open a \n specially-crafted RDF file, it could possibly allow a remote attacker to \n obtain a copy of an arbitrary local file that the user running the\n application had access to. A bug in the way Raptor handled external\n entities could cause that application to crash or, possibly, execute\n arbitrary code with the privileges of the user running the application.\n (CVE-2012-0037)\n \n Red Hat would like to thank Timothy D. Morgan of VSR for reporting this\n issue.\n \n All Raptor users are advised to upgrade to these updated packages, which\n contain a backported patch to correct this issue. All running applications\n linked against Raptor must be restarted for this update to take effect.\";\n\ntag_affected = \"raptor on CentOS 6\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.centos.org/pipermail/centos-announce/2012-March/018518.html\");\n script_id(881120);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 16:13:52 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"CESA\", value: \"2012:0410\");\n script_name(\"CentOS Update for raptor CESA-2012:0410 centos6 \");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"raptor-devel\", rpm:\"raptor-devel~1.4.18~5.el6_2.1\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of raptor2", "modified": "2018-01-10T00:00:00", "published": "2012-04-13T00:00:00", "id": "OPENVAS:864157", "href": "http://plugins.openvas.org/nasl.php?oid=864157", "type": "openvas", "title": "Fedora Update for raptor2 FEDORA-2012-4663", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for raptor2 FEDORA-2012-4663\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"raptor2 on Fedora 16\";\ntag_insight = \"Raptor is the RDF Parser Toolkit for Redland that provides\n a set of standalone RDF parsers, generating triples from RDF/XML\n or N-Triples.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html\");\n script_id(864157);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-04-13 10:32:33 +0530 (Fri, 13 Apr 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-0037\");\n script_xref(name: \"FEDORA\", value: \"2012-4663\");\n script_name(\"Fedora Update for raptor2 FEDORA-2012-4663\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor2\", rpm:\"raptor2~2.0.7~1.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-11T11:07:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0037"], "description": "Check for the Version of raptor", "modified": "2018-01-10T00:00:00", "published": "2012-08-03T00:00:00", "id": "OPENVAS:864584", "href": "http://plugins.openvas.org/nasl.php?oid=864584", "type": "openvas", "title": "Fedora Update for raptor FEDORA-2012-10590", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for raptor FEDORA-2012-10590\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"raptor on Fedora 16\";\ntag_insight = \"Raptor is the RDF Parser Toolkit for Redland that provides\n a set of standalone RDF parsers, generating triples from RDF/XML\n or N-Triples.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-July/084486.html\");\n script_id(864584);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-03 11:15:37 +0530 (Fri, 03 Aug 2012)\");\n script_cve_id(\"CVE-2012-0037\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-10590\");\n script_name(\"Fedora Update for raptor FEDORA-2012-10590\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of raptor\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"raptor\", rpm:\"raptor~1.4.21~12.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. ", "modified": "2012-04-12T02:56:09", "published": "2012-04-12T02:56:09", "id": "FEDORA:9E984222C3", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: raptor2-2.0.7-1.fc17", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. ", "modified": "2012-04-12T11:35:14", "published": "2012-04-12T11:35:14", "id": "FEDORA:CBEC623342", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: raptor2-2.0.7-1.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. ", "modified": "2012-07-30T22:27:56", "published": "2012-07-30T22:27:56", "id": "FEDORA:6407120E2F", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: raptor-1.4.21-12.fc17", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037"], "description": "Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. ", "modified": "2012-07-30T22:30:12", "published": "2012-07-30T22:30:12", "id": "FEDORA:CA7D12107E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: raptor-1.4.21-12.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037", "CVE-2012-2665", "CVE-2011-2713", "CVE-2012-1149"], "description": "### Background\n\nLibreOffice is a full office productivity suite.\n\n### Description\n\nMultiple vulnerabilities have been found in LibreOffice:\n\n * The Microsoft Word Document parser contains an out-of-bounds read error (CVE-2011-2713). \n * The Raptor RDF parser contains an XML External Entity expansion error (CVE-2012-0037). \n * The graphic loading parser contains an integer overflow error which could cause a heap-based buffer overflow (CVE-2012-1149). \n * Multiple errors in the XML manifest handling code could cause a heap-based buffer overflow (CVE-2012-2665). \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted document file using LibreOffice, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll LibreOffice users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/libreoffice-3.5.5.3\"\n \n\nAll users of the LibreOffice binary package should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/libreoffice-bin-3.5.5.3\"", "edition": 1, "modified": "2012-09-24T00:00:00", "published": "2012-09-24T00:00:00", "id": "GLSA-201209-05", "href": "https://security.gentoo.org/glsa/201209-05", "type": "gentoo", "title": "LibreOffice: Multiple vulnerabilities", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-06T19:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0037", "CVE-2009-3302", "CVE-2012-2665", "CVE-2010-3450", "CVE-2009-3301", "CVE-2009-0217", "CVE-2009-0200", "CVE-2009-2949", "CVE-2012-2149", "CVE-2011-2713", "CVE-2006-4339", "CVE-2010-3689", "CVE-2010-4253", "CVE-2012-2334", "CVE-2010-2935", "CVE-2010-3451", "CVE-2010-0395", "CVE-2009-2950", "CVE-2010-3454", "CVE-2010-4643", "CVE-2010-3453", "CVE-2014-0247", "CVE-2010-2936", "CVE-2009-0201", "CVE-2012-1149", "CVE-2010-3452"], "description": "### Background\n\nOpenOffice is the open source version of StarOffice, a full office productivity suite. LibreOffice is a fork of OpenOffice. \n\n### Description\n\nMultiple vulnerabilities have been discovered in OpenOffice and Libreoffice. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted file using OpenOffice, possibly resulting in execution of arbitrary code with the privileges of the process, a Denial of Service condition, execution of arbitrary Python code, authentication bypass, or reading and writing of arbitrary files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll OpenOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/openoffice-bin-3.5.5.3\"\n \n\nAll LibreOffice users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-office/libreoffice-4.2.5.2\"\n \n\nAll LibreOffice (binary) users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=app-office/libreoffice-bin-4.2.5.2\"\n \n\nWe recommend that users unmerge OpenOffice:\n \n \n # emerge --unmerge \"app-office/openoffice\"", "edition": 1, "modified": "2014-08-31T00:00:00", "published": "2014-08-31T00:00:00", "id": "GLSA-201408-19", "href": "https://security.gentoo.org/glsa/201408-19", "type": "gentoo", "title": "OpenOffice, LibreOffice: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
