Executive Summary
Summary | |
---|---|
Title | OpenOffice.org vulnerability |
Informations | |||
---|---|---|---|
Name | USN-949-1 | First vendor Publication | 2010-06-08 |
Vendor | Ubuntu | Last vendor Modification | 2010-06-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 9.04 Ubuntu 9.10 Ubuntu 10.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: Ubuntu 9.04: Ubuntu 9.10: Ubuntu 10.04 LTS: After a standard system update you need to restart OpenOffice.org to make all the necessary changes. Details follow: Marc Schoenefeld discovered that OpenOffice.org would run document macros from the macro browser, even when macros were disabled. If a user were tricked into opening a specially crafted document and examining a macro, a remote attacker could execute arbitrary code with user privileges. |
Original Source
Url : http://www.ubuntu.com/usn/USN-949-1 |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 6 | |
Os | 4 | |
Os | 2 | |
Os | 3 | |
Os | 3 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for openoffice.org-base CESA-2010:0459 centos5 i386 File : nvt/gb_CESA-2010_0459_openoffice.org-base_centos5_i386.nasl |
2011-02-18 | Name : Fedora Update for openoffice.org FEDORA-2011-0837 File : nvt/gb_fedora_2011_0837_openoffice.org_fc13.nasl |
2010-11-16 | Name : Mandriva Update for openoffice.org MDVSA-2010:221 (openoffice.org) File : nvt/gb_mandriva_MDVSA_2010_221.nasl |
2010-06-11 | Name : RedHat Update for openoffice.org RHSA-2010:0459-01 File : nvt/gb_RHSA-2010_0459-01_openoffice.org.nasl |
2010-06-11 | Name : Fedora Update for openoffice.org FEDORA-2010-9576 File : nvt/gb_fedora_2010_9576_openoffice.org_fc12.nasl |
2010-06-11 | Name : Fedora Update for openoffice.org FEDORA-2010-9628 File : nvt/gb_fedora_2010_9628_openoffice.org_fc11.nasl |
2010-06-11 | Name : Fedora Update for openoffice.org FEDORA-2010-9633 File : nvt/gb_fedora_2010_9633_openoffice.org_fc13.nasl |
2010-06-11 | Name : Ubuntu Update for openoffice.org vulnerability USN-949-1 File : nvt/gb_ubuntu_USN_949_1.nasl |
2010-06-10 | Name : Debian Security Advisory DSA 2055-1 (openoffice.org) File : nvt/deb_2055_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65203 | OpenOffice.org (OOo) Scripting IDE Python Code Parsing Arbitrary Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201408-19.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100607_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100607_openoffice_org2_on_SL4_x.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_OpenOffice_org-7079.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-321-100505.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_OpenOffice_org-321-090221.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_OpenOffice_org-321-100624.nasl - Type : ACT_GATHER_INFO |
2010-11-07 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-221.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_OpenOffice_org-100622.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100622.nasl - Type : ACT_GATHER_INFO |
2010-07-19 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100622.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9628.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9633.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9576.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0459.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0459.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-949-1.nasl - Type : ACT_GATHER_INFO |
2010-06-08 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2055.nasl - Type : ACT_GATHER_INFO |
2010-06-07 | Name : The remote Windows host has an application installed that is affected by mult... File : openoffice_321.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:52 |
|