Detections
Analytics
Ubuntu 9.04 : koffice vulnerabilities (USN-973-1)
critical Nessus Plugin ID 48362
Language:
Synopsis
The remote Ubuntu host is missing one or more security-related patches.Description
Will Dormann, Alin Rad Pop, Braden Thomas, and Drew Yao discovered that the Xpdf used in KOffice contained multiple security issues in its JBIG2 decoder. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-0146, CVE-2009-0147, CVE-2009-0166, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181)It was discovered that the Xpdf used in KOffice contained multiple security issues when parsing malformed PDF documents. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service or execute arbitrary code with privileges of the user invoking the program. (CVE-2009-3606, CVE-2009-3608, CVE-2009-3609)
KOffice in Ubuntu 9.04 uses a very old version of Xpdf to import PDFs into KWord. Upstream KDE no longer supports PDF import in KOffice and as a result it was dropped in Ubuntu 9.10. While an attempt was made to fix the above issues, the maintenance burden for supporting this very old version of Xpdf outweighed its utility, and PDF import is now also disabled in Ubuntu 9.04.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected packages.See Also
Plugin Details
Severity: Critical
ID: 48362
File Name: ubuntu_USN-973-1.nasl
Version: 1.12
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 8/18/2010
Updated: 9/19/2019
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:koffice-dbg, p-cpe:/a:canonical:ubuntu_linux:koffice-dev, p-cpe:/a:canonical:ubuntu_linux:karbon, p-cpe:/a:canonical:ubuntu_linux:kword-data, p-cpe:/a:canonical:ubuntu_linux:koshell, p-cpe:/a:canonical:ubuntu_linux:koffice-doc, p-cpe:/a:canonical:ubuntu_linux:koffice-data, cpe:/o:canonical:ubuntu_linux:9.04, p-cpe:/a:canonical:ubuntu_linux:koffice-doc-html, p-cpe:/a:canonical:ubuntu_linux:kformula, p-cpe:/a:canonical:ubuntu_linux:koffice-libs, p-cpe:/a:canonical:ubuntu_linux:kplato, p-cpe:/a:canonical:ubuntu_linux:krita, p-cpe:/a:canonical:ubuntu_linux:kthesaurus, p-cpe:/a:canonical:ubuntu_linux:kpresenter-data, p-cpe:/a:canonical:ubuntu_linux:kugar, p-cpe:/a:canonical:ubuntu_linux:kchart, p-cpe:/a:canonical:ubuntu_linux:kivio, p-cpe:/a:canonical:ubuntu_linux:kspread, p-cpe:/a:canonical:ubuntu_linux:koffice, p-cpe:/a:canonical:ubuntu_linux:kivio-data, p-cpe:/a:canonical:ubuntu_linux:kword, p-cpe:/a:canonical:ubuntu_linux:kexi, p-cpe:/a:canonical:ubuntu_linux:krita-data, p-cpe:/a:canonical:ubuntu_linux:kpresenter
Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 8/17/2010
Vulnerability Publication Date: 4/23/2009
Reference Information
CVE: CVE-2009-0146, CVE-2009-0147, CVE-2009-0165, CVE-2009-0166, CVE-2009-0195, CVE-2009-0799, CVE-2009-0800, CVE-2009-1179, CVE-2009-1180, CVE-2009-1181, CVE-2009-3606, CVE-2009-3608, CVE-2009-3609