Executive Summary

Summary
Title raptor security update
Informations
Name DSA-2438 First vendor Publication 2012-03-22
Vendor Debian Last vendor Modification 2012-03-22
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.

For the stable distribution (squeeze), this problem has been fixed in version 1.4.21-2+squeeze1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your raptor packages.

Original Source

Url : http://www.debian.org/security/2012/dsa-2438

CWE : Common Weakness Enumeration

idName
CWE-200Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21474
 
Oval ID: oval:org.mitre.oval:def:21474
Title: RHSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0411-01
CESA-2012:0411
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openoffice.org
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21328
 
Oval ID: oval:org.mitre.oval:def:21328
Title: RHSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): RHSA-2012:0410-01
CESA-2012:0410
CVE-2012-0037
Version: 4
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21265
 
Oval ID: oval:org.mitre.oval:def:21265
Title: USN-1901-1 -- raptor2 vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): USN-1901-1
CVE-2012-0037
Version: 5
Platform(s): Ubuntu 12.04
Product(s): raptor2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16854
 
Oval ID: oval:org.mitre.oval:def:16854
Title: USN-1480-1 -- Raptor vulnerability
Description: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.
Family: unix Class: patch
Reference(s): usn-1480-1
CVE-2012-0037
Version: 7
Platform(s): Ubuntu 12.04
Ubuntu 11.04
Ubuntu 11.10
Ubuntu 10.04
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15215
 
Oval ID: oval:org.mitre.oval:def:15215
Title: DSA-2438-1 raptor -- programming error
Description: It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure.
Family: unix Class: patch
Reference(s): DSA-2438-1
CVE-2012-0037
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23828
 
Oval ID: oval:org.mitre.oval:def:23828
Title: ELSA-2012:0410: raptor security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0410-01
CVE-2012-0037
Version: 6
Platform(s): Oracle Linux 6
Product(s): raptor
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23158
 
Oval ID: oval:org.mitre.oval:def:23158
Title: ELSA-2012:0411: openoffice.org security update (Important)
Description: Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document.
Family: unix Class: patch
Reference(s): ELSA-2012:0411-01
CVE-2012-0037
Version: 6
Platform(s): Oracle Linux 5
Product(s): openoffice.org
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application2
Application10
Application1

OpenVAS Exploits

DateDescription
2012-09-26Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice)
File : nvt/glsa_201209_05.nasl
2012-08-30Name : Fedora Update for raptor FEDORA-2012-10591
File : nvt/gb_fedora_2012_10591_raptor_fc17.nasl
2012-08-30Name : Fedora Update for raptor2 FEDORA-2012-4629
File : nvt/gb_fedora_2012_4629_raptor2_fc17.nasl
2012-08-03Name : Fedora Update for raptor FEDORA-2012-10590
File : nvt/gb_fedora_2012_10590_raptor_fc16.nasl
2012-08-03Name : Mandriva Update for raptor MDVSA-2012:061 (raptor)
File : nvt/gb_mandriva_MDVSA_2012_061.nasl
2012-08-03Name : Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice)
File : nvt/gb_mandriva_MDVSA_2012_063.nasl
2012-07-30Name : CentOS Update for raptor CESA-2012:0410 centos6
File : nvt/gb_CESA-2012_0410_raptor_centos6.nasl
2012-07-30Name : CentOS Update for openoffice.org-base CESA-2012:0411 centos5
File : nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl
2012-07-09Name : RedHat Update for raptor RHSA-2012:0410-01
File : nvt/gb_RHSA-2012_0410-01_raptor.nasl
2012-06-19Name : Ubuntu Update for raptor USN-1480-1
File : nvt/gb_ubuntu_USN_1480_1.nasl
2012-04-30Name : FreeBSD Ports: raptor2
File : nvt/freebsd_raptor2.nasl
2012-04-30Name : Debian Security Advisory DSA 2438-1 (raptor)
File : nvt/deb_2438_1.nasl
2012-04-13Name : Fedora Update for raptor2 FEDORA-2012-4663
File : nvt/gb_fedora_2012_4663_raptor2_fc16.nasl

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-183.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : openSUSE-2012-187.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2013-07-09Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1901-1.nasl - Type : ACT_GATHER_INFO
2012-12-14Name : The remote host has an application installed that is affected by multiple vul...
File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO
2012-09-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO
2012-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-063.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20120322_raptor_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-07-31Name : The remote Fedora host is missing a security update.
File : fedora_2012-10590.nasl - Type : ACT_GATHER_INFO
2012-07-31Name : The remote Fedora host is missing a security update.
File : fedora_2012-10591.nasl - Type : ACT_GATHER_INFO
2012-06-19Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-1480-1.nasl - Type : ACT_GATHER_INFO
2012-04-23Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2012-061.nasl - Type : ACT_GATHER_INFO
2012-04-13Name : The remote Fedora host is missing a security update.
File : fedora_2012-4663.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : openoffice_2012_0037.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libreoffice-345-120316.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote host is running an application affected by a data leakage vulnerab...
File : macosx_libreoffice_351.nasl - Type : ACT_GATHER_INFO
2012-04-12Name : The remote Fedora host is missing a security update.
File : fedora_2012-4629.nasl - Type : ACT_GATHER_INFO
2012-04-03Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_libreoffice-345-8022.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_libraptor-devel-120217.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-26Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2438.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO
2012-03-23Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:30:57
  • Multiple Updates
2013-04-19 13:21:42
  • Multiple Updates