Executive Summary

Summary
Titleraptor security update
Informations
NameDSA-2438First vendor Publication2012-03-22
VendorDebianLast vendor Modification2012-03-22
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.21-2+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your raptor packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2438

CWE : Common Weakness Enumeration

idName
CWE-200Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21474
 
Oval ID: oval:org.mitre.oval:def:21474
Title: RHSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0411-01
CESA-2012:0411
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21328
 
Oval ID: oval:org.mitre.oval:def:21328
Title: RHSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0410-01
CESA-2012:0410
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23828
 
Oval ID: oval:org.mitre.oval:def:23828
Title: ELSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0410-01
CVE-2012-0037
Version: 3
Platform(s): Oracle Linux 6
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23158
 
Oval ID: oval:org.mitre.oval:def:23158
Title: ELSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0411-01
CVE-2012-0037
Version: 3
Platform(s): Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application10
Application1

OpenVAS Exploits

DateDescription
2012-09-26Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice)
File : nvt/glsa_201209_05.nasl
2012-08-30Name : Fedora Update for raptor FEDORA-2012-10591
File : nvt/gb_fedora_2012_10591_raptor_fc17.nasl
2012-08-30Name : Fedora Update for raptor2 FEDORA-2012-4629
File : nvt/gb_fedora_2012_4629_raptor2_fc17.nasl
2012-08-03Name : Fedora Update for raptor FEDORA-2012-10590
File : nvt/gb_fedora_2012_10590_raptor_fc16.nasl
2012-08-03Name : Mandriva Update for raptor MDVSA-2012:061 (raptor)
File : nvt/gb_mandriva_MDVSA_2012_061.nasl
2012-08-03Name : Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_063.nasl
2012-07-30Name : CentOS Update for raptor CESA-2012:0410 centos6
File : nvt/gb_CESA-2012_0410_raptor_centos6.nasl
2012-07-30Name : CentOS Update for openoffice.org-base CESA-2012:0411 centos5
File : nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl
2012-07-09Name : RedHat Update for raptor RHSA-2012:0410-01
File : nvt/gb_RHSA-2012_0410-01_raptor.nasl
2012-06-19Name : Ubuntu Update for raptor USN-1480-1
File : nvt/gb_ubuntu_USN_1480_1.nasl
2012-04-30Name : FreeBSD Ports: raptor2
File : nvt/freebsd_raptor2.nasl
2012-04-30Name : Debian Security Advisory DSA 2438-1 (raptor)
File : nvt/deb_2438_1.nasl
2012-04-13Name : Fedora Update for raptor2 FEDORA-2012-4663
File : nvt/gb_fedora_2012_4663_raptor2_fc16.nasl

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2013-07-09Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1901-1.nasl - Type : ACT_GATHER_INFO
2012-12-14Name : The remote host has an application installed that is affected by multiple vul...
File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2012-09-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO
2012-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-063.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_raptor_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-31Name : The remote Fedora host is missing a security update.
File : fedora_2012-10590.nasl - Type : ACT_GATHER_INFO
2012-07-31Name : The remote Fedora host is missing a security update.
File : fedora_2012-10591.nasl - Type : ACT_GATHER_INFO
2012-06-19Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1480-1.nasl - Type : ACT_GATHER_INFO
2012-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-061.nasl - Type : ACT_GATHER_INFO
2012-04-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-4663.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : openoffice_2012_0037.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-345-120316.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : macosx_libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote Fedora host is missing a security update.
File : fedora_2012-4629.nasl - Type : ACT_GATHER_INFO
2012-04-03Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice-345-8022.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libraptor-devel-120217.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2438.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:30:57
  • Multiple Updates
2013-04-19 13:21:42
  • Multiple Updates