Detections
Analytics

FreeBSD : OpenOffice 4.1.1 -- multiple vulnerabilities (18b3c61b-83de-11e5-905b-ac9e174be3af)

medium Nessus Plugin ID 86775

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Apache OpenOffice Project reports :

A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings.
Once these files are imported into a maliciously-crafted document, the data can be silently hidden in the document and possibly exported to an external party without being observed.

The Apache OpenOffice Project reports :

A crafted ODF document can be used to create a buffer that is too small for the amount of data loaded into it, allowing an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC file can be used to specify a document buffer that is too small for the amount of data provided for it.
Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

Solution

Update the affected packages.

See Also

http://www.openoffice.org/security/cves/CVE-2015-4551.html

http://www.openoffice.org/security/cves/CVE-2015-5212.html

http://www.openoffice.org/security/cves/CVE-2015-5213.html

http://www.openoffice.org/security/cves/CVE-2015-5214.html

http://www.nessus.org/u?13ad4927

Plugin Details

Severity: Medium

ID: 86775

File Name: freebsd_pkg_18b3c61b83de11e5905bac9e174be3af.nasl

Version: 2.7

Type: local

Published: 11/6/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache-openoffice, p-cpe:/a:freebsd:freebsd:apache-openoffice-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 11/5/2015

Vulnerability Publication Date: 11/4/2015

Reference Information

CVE: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214