SUSE-SA:2005:025: OpenOffice_org

medium Nessus Plugin ID 18096

Synopsis

The remote host is missing a vendor-supplied security patch

Description

The remote host is missing the patch for the advisory SUSE-SA:2005:025 (OpenOffice_org).


This security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice.

This is tracked by the Mitre CVE ID CVE-2005-0941.


WARNING: The updated packages are very large for distributions before SUSE Linux 9.2 and 9.3.

The minimum download sizes for those are:
SUSE Linux Desktop 1: 47 MB Novell Linux Desktop 9: 41 MB SUSE Linux 8.2: 37 MB SUSE Linux 9.0: 46 MB SUSE Linux 9.1: 50 MB SUSE Linux 9.2: 2.1 MB (using delta rpm) SUSE Linux 9.3: 3.5 MB (using delta rpm)

Solution

http://www.suse.de/security/advisories/2005_25_openoffice_org.html

Plugin Details

Severity: Medium

ID: 18096

File Name: suse_SA_2005_025.nasl

Version: 1.11

Agent: unix

Published: 4/19/2005

Updated: 1/14/2021

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Host/SuSE/rpm-list

Reference Information

CVE: CVE-2005-0941