Debian DSA-1547-1 : openoffice.org - several vulnerabilities

high Nessus Plugin ID 31969

Synopsis

The remote Debian host is missing a security-related update.

Description

Several security-related problems have been discovered in OpenOffice.org, the free office suite. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2007-5745, CVE-2007-5747: Several bugs have been discovered in the way OpenOffice.org parses Quattro Pro files that may lead to an overflow in the heap, potentially leading to the execution of arbitrary code.

- CVE-2007-5746: Specially crafted EMF files can trigger a buffer overflow in the heap that may lead to the execution of arbitrary code.

- CVE-2008-0320: A bug has been discovered in the processing of OLE files that can cause a buffer overflow in the heap, potentially leading to the execution of arbitrary code.

Recently reported problems in the ICU library, against which OpenOffice.org is linked, are fixed in separate libicu packages with DSA 1511.

Solution

Upgrade the openoffice.org packages.

For the old stable distribution (sarge) these problems have been fixed in version 1.1.3-9sarge9.

For the stable distribution (etch) these problems have been fixed in version 2.0.4.dfsg.2-7etch5.

See Also

https://security-tracker.debian.org/tracker/CVE-2007-5745

https://security-tracker.debian.org/tracker/CVE-2007-5747

https://security-tracker.debian.org/tracker/CVE-2007-5746

https://security-tracker.debian.org/tracker/CVE-2008-0320

https://www.debian.org/security/2008/dsa-1547

Plugin Details

Severity: High

ID: 31969

File Name: debian_DSA-1547.nasl

Version: 1.24

Type: local

Agent: unix

Published: 4/18/2008

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openoffice.org, cpe:/o:debian:debian_linux:3.1, cpe:/o:debian:debian_linux:4.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/17/2008

Exploitable With

Core Impact

Metasploit (OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow)

Reference Information

CVE: CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320

CWE: 119, 189

DSA: 1547