Executive Summary
Summary | |
---|---|
Title | Raptor vulnerability |
Information | |||
---|---|---|---|
Name | USN-1480-1 | First vendor Publication | 2012-06-18 |
Vendor | Ubuntu | Last vendor Modification | 2012-06-18 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary: Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file.

Software Description:

- raptor: Raptor RDF parser and serializer library

Details: Timothy D. Morgan discovered that Raptor would unconditionally load XML external entities. If a user were tricked into opening a specially crafted document in an application linked against Raptor, an attacker could possibly obtain access to arbitrary files on the user's system or potentially execute arbitrary code with the privileges of the user invoking the program.

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 12.04 LTS:
Ubuntu 11.10:
Ubuntu 11.04:
Ubuntu 10.04 LTS:

After a standard system update you need to restart any applications which use Raptor, such as OpenOffice.org or LibreOffice, to make all the necessary changes.

References:

Package Information:
Original Source
Url : http://www.ubuntu.com/usn/USN-1480-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-611 | Information Leak Through XML External Entity File Disclosure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15215 | |||
Oval ID: | oval:org.mitre.oval:def:15215 | ||
Title: | DSA-2438-1 raptor -- programming error | ||
Description: | It was discovered that Raptor, a RDF parser and serializer library, allows file inclusion through XML entities, resulting in information disclosure. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2438-1 CVE-2012-0037 | Version: | 5 |
Platform(s): | Debian GNU/Linux 6.0 Debian GNU/kFreeBSD 6.0 | Product(s): | raptor |
Definition Id: oval:org.mitre.oval:def:16854 | |||
Oval ID: | oval:org.mitre.oval:def:16854 | ||
Title: | USN-1480-1 -- Raptor vulnerability | ||
Description: | Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | usn-1480-1 CVE-2012-0037 | Version: | 7 |
Platform(s): | Ubuntu 12.04 Ubuntu 11.04 Ubuntu 11.10 Ubuntu 10.04 | Product(s): | raptor |
Definition Id: oval:org.mitre.oval:def:21265 | |||
Oval ID: | oval:org.mitre.oval:def:21265 | ||
Title: | USN-1901-1 -- raptor2 vulnerability | ||
Description: | Applications using Raptor could be made to expose sensitive information or run programs as your login if they opened a specially crafted file. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1901-1 CVE-2012-0037 | Version: | 5 |
Platform(s): | Ubuntu 12.04 | Product(s): | raptor2 |
Definition Id: oval:org.mitre.oval:def:21328 | |||
Oval ID: | oval:org.mitre.oval:def:21328 | ||
Title: | RHSA-2012:0410: raptor security update (Important) | ||
Description: | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0410-01 CESA-2012:0410 CVE-2012-0037 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | raptor |
Definition Id: oval:org.mitre.oval:def:23828 | |||
Oval ID: | oval:org.mitre.oval:def:23828 | ||
Title: | ELSA-2012:0410: raptor security update (Important) | ||
Description: | Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 and 3.4 Beta, LibreOffice before 3.4.6 and 3.5.x before 3.5.1, and other products, allows user-assisted remote attackers to read arbitrary files via a crafted XML external entity (XXE) declaration and reference in an RDF document. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0410-01 CVE-2012-0037 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | raptor |
Definition Id: oval:org.mitre.oval:def:27837 | |||
Oval ID: | oval:org.mitre.oval:def:27837 | ||
Title: | DEPRECATED: ELSA-2012-0410 -- raptor security update (important) | ||
Description: | [1.4.18-5.1] - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037) Resolves: rhbz#804496 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0410 CVE-2012-0037 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | raptor |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-09-26 | Name : Gentoo Security Advisory GLSA 201209-05 (libreoffice) File : nvt/glsa_201209_05.nasl |
2012-08-30 | Name : Fedora Update for raptor FEDORA-2012-10591 File : nvt/gb_fedora_2012_10591_raptor_fc17.nasl |
2012-08-30 | Name : Fedora Update for raptor2 FEDORA-2012-4629 File : nvt/gb_fedora_2012_4629_raptor2_fc17.nasl |
2012-08-03 | Name : Fedora Update for raptor FEDORA-2012-10590 File : nvt/gb_fedora_2012_10590_raptor_fc16.nasl |
2012-08-03 | Name : Mandriva Update for raptor MDVSA-2012:061 (raptor) File : nvt/gb_mandriva_MDVSA_2012_061.nasl |
2012-08-03 | Name : Mandriva Update for libreoffice MDVSA-2012:063 (libreoffice) File : nvt/gb_mandriva_MDVSA_2012_063.nasl |
2012-07-30 | Name : CentOS Update for raptor CESA-2012:0410 centos6 File : nvt/gb_CESA-2012_0410_raptor_centos6.nasl |
2012-07-30 | Name : CentOS Update for openoffice.org-base CESA-2012:0411 centos5 File : nvt/gb_CESA-2012_0411_openoffice.org-base_centos5.nasl |
2012-07-09 | Name : RedHat Update for raptor RHSA-2012:0410-01 File : nvt/gb_RHSA-2012_0410-01_raptor.nasl |
2012-06-19 | Name : Ubuntu Update for raptor USN-1480-1 File : nvt/gb_ubuntu_USN_1480_1.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2438-1 (raptor) File : nvt/deb_2438_1.nasl |
2012-04-30 | Name : FreeBSD Ports: raptor2 File : nvt/freebsd_raptor2.nasl |
2012-04-13 | Name : Fedora Update for raptor2 FEDORA-2012-4663 File : nvt/gb_fedora_2012_4663_raptor2_fc16.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-187.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-183.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0410.nasl - Type : ACT_GATHER_INFO |
2013-07-09 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1901-1.nasl - Type : ACT_GATHER_INFO |
2012-12-14 | Name : The remote host has an application installed that is affected by multiple vul... File : lotus_symphony_3_0_1_fp2.nasl - Type : ACT_GATHER_INFO |
2012-09-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201209-05.nasl - Type : ACT_GATHER_INFO |
2012-09-06 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-063.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120322_raptor_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120322_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-07-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10591.nasl - Type : ACT_GATHER_INFO |
2012-07-31 | Name : The remote Fedora host is missing a security update. File : fedora_2012-10590.nasl - Type : ACT_GATHER_INFO |
2012-06-19 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1480-1.nasl - Type : ACT_GATHER_INFO |
2012-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2012-061.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4663.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote host is running an application affected by a data leakage vulnerab... File : openoffice_2012_0037.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libreoffice-345-120316.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote host is running an application affected by a data leakage vulnerab... File : macosx_libreoffice_351.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote host is running an application affected by a data leakage vulnerab... File : libreoffice_351.nasl - Type : ACT_GATHER_INFO |
2012-04-12 | Name : The remote Fedora host is missing a security update. File : fedora_2012-4629.nasl - Type : ACT_GATHER_INFO |
2012-04-03 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libreoffice-345-8022.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libraptor-devel-120217.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_60f81af3769011e1942300235a5f2c9a.nasl - Type : ACT_GATHER_INFO |
2012-03-26 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO |
2012-03-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0411.nasl - Type : ACT_GATHER_INFO |
2012-03-23 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0410.nasl - Type : ACT_GATHER_INFO |
2012-03-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2438.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:00:17 | |
2013-04-19 13:22:12 | |