Executive Summary
Summary | |
---|---|
Title | OpenOffice.org vulnerabilities |
Informations | |||
---|---|---|---|
Name | USN-313-2 | First vendor Publication | 2006-07-19 |
Vendor | Ubuntu | Last vendor Modification | 2006-07-19 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: USN-313-1 fixed several vulnerabilities in OpenOffice for Ubuntu 5.04 and Ubuntu 6.06 LTS. This followup advisory provides the corresponding update for Ubuntu 5.10. For reference, these are the details of the original USN: It was possible to embed Basic macros in documents in a way that |
Original Source
Url : http://www.ubuntu.com/usn/USN-313-2 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11082 | |||
Oval ID: | oval:org.mitre.oval:def:11082 | ||
Title: | OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | ||
Description: | OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2198 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:11338 | |||
Oval ID: | oval:org.mitre.oval:def:11338 | ||
Title: | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | ||
Description: | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-2199 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9704 | |||
Oval ID: | oval:org.mitre.oval:def:9704 | ||
Title: | Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." | ||
Description: | Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2006-3117 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-02-27 | Name : Fedora Update for openoffice.org FEDORA-2007-005 (FC5) File : nvt/gb_fedora_2007_005_openoffice.org_fc5.nasl |
2009-02-27 | Name : Fedora Update for openoffice.org FEDORA-2007-005 FC(6) File : nvt/gb_fedora_2007_005_openoffice.org_fc6.nasl |
2009-02-27 | Name : Fedora Update for openoffice.org FEDORA-2007-375 File : nvt/gb_fedora_2007_375_openoffice.org_fc5.nasl |
2009-02-27 | Name : Fedora Update for openoffice.org FEDORA-2007-606 File : nvt/gb_fedora_2007_606_openoffice.org_fc5.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200607-12 (OpenOffice.org) File : nvt/glsa_200607_12.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1104-1 (openoffice.org) File : nvt/deb_1104_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1104-2 (openoffice.org) File : nvt/deb_1104_2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
26945 | OpenOffice.org (OOo) Writer XML Document Processing Overflow |
26944 | OpenOffice.org (OOo) Math XML Document Processing Overflow |
26943 | OpenOffice.org (OOo) Impress XML Document Processing Overflow |
26942 | OpenOffice.org (OOo) Draw XML Document Processing Overflow |
26941 | OpenOffice.org (OOo) Calc XML Document Processing Overflow |
26940 | OpenOffice.org (OOo) Document BASIC Macro Arbitrary Command Execution |
26939 | OpenOffice.org (OOo) Java Applets Unspecified Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-313-1.nasl - Type : ACT_GATHER_INFO |
2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-313-2.nasl - Type : ACT_GATHER_INFO |
2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_OpenOffice_org-1698.nasl - Type : ACT_GATHER_INFO |
2007-02-18 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2006_040.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-764.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-770.nasl - Type : ACT_GATHER_INFO |
2007-01-17 | Name : The remote Fedora Core host is missing one or more security updates. File : fedora_2007-005.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1104.nasl - Type : ACT_GATHER_INFO |
2006-07-29 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200607-12.nasl - Type : ACT_GATHER_INFO |
2006-07-10 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-118.nasl - Type : ACT_GATHER_INFO |
2006-07-04 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0573.nasl - Type : ACT_GATHER_INFO |
2006-07-04 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0573.nasl - Type : ACT_GATHER_INFO |
2006-06-30 | Name : Arbitrary code can be executed on the remote host through OpenOffice.org. File : openoffice_org_203.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:03:36 |
|
2013-05-11 12:25:31 |
|