Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.61950
Kategorie:Ubuntu Local Security Checks
Titel:Ubuntu USN-677-1 (openoffice.org-amd64)
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing an update to openoffice.org-amd64
announced via advisory USN-677-1.

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

Details follow:

Multiple memory overflow flaws were discovered in OpenOffice.org's handling of
WMF and EMF files. If a user were tricked into opening a specially crafted
document, a remote attacker might be able to execute arbitrary code with user
privileges. (CVE-2008-2237, CVE-2008-2238)

Dmitry E. Oboukhov discovered that senddoc, as included in OpenOffice.org,
created temporary files in an insecure way. Local users could exploit a race
condition to create or overwrite files with the privileges of the user invoking
the program. This issue only affected Ubuntu 8.04 LTS. (CVE-2008-4937)

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
openoffice.org-core 2.0.2-2ubuntu12.7-2

Ubuntu 7.10:
openoffice.org-core 1:2.3.0-1ubuntu5.5

Ubuntu 8.04 LTS:
openoffice.org-common 1:2.4.1-1ubuntu2.1
openoffice.org-core 1:2.4.1-1ubuntu2.1

Ubuntu 8.10:
openoffice.org-core 1:2.4.1-11ubuntu2.1

After a standard system upgrade you need to restart OpenOffice.org to effect
the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-677-1

Risk factor : Critical

CVSS Score:
9.3

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2237
BugTraq ID: 31962
http://www.securityfocus.com/bid/31962
Debian Security Information: DSA-1661 (Google Search)
http://www.debian.org/security/2008/dsa-1661
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html
http://security.gentoo.org/glsa/glsa-200812-13.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10784
http://www.redhat.com/support/errata/RHSA-2008-0939.html
http://www.securitytracker.com/id?1021120
http://secunia.com/advisories/32419
http://secunia.com/advisories/32461
http://secunia.com/advisories/32463
http://secunia.com/advisories/32489
http://secunia.com/advisories/32676
http://secunia.com/advisories/32856
http://secunia.com/advisories/32872
http://secunia.com/advisories/33140
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://www.ubuntu.com/usn/usn-677-1
http://www.ubuntu.com/usn/usn-677-2
http://www.vupen.com/english/advisories/2008/2947
http://www.vupen.com/english/advisories/2008/3103
XForce ISS Database: openoffice-wmf-bo(46165)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46165
Common Vulnerability Exposure (CVE) ID: CVE-2008-2238
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10849
http://www.securitytracker.com/id?1021121
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
http://www.vupen.com/english/advisories/2008/3153
XForce ISS Database: openoffice-emf-file-bo(46166)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46166
Common Vulnerability Exposure (CVE) ID: CVE-2008-4937
BugTraq ID: 30925
http://www.securityfocus.com/bid/30925
http://www.mandriva.com/security/advisories?name=MDVSA-2009:070
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
XForce ISS Database: openoffice-senddoc-symlink(44829)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44829
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.