Test ID:	1.3.6.1.4.1.25623.1.0.68865
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:027 (openoffice.org)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to openoffice.org announced via advisory MDVSA-2011:027. Multiple vulnerabilities were discovered and corrected in OpenOffice.org: Multiple directory traversal vulnerabilities allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in an XSLT JAR filter description file, an Extension (aka OXT) file, or unspecified other JAR or ZIP files (CVE-2010-3450). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via malformed tables in an RTF document (CVE-2010-3451). Use-after-free vulnerability in oowriter allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted tags in an RTF document (CVE-2010-3452). The WW8ListManager::WW8ListManager function in oowriter does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write (CVE-2010-3453). Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write (CVE-2010-3454). soffice places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory (CVE-2010-3689). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document (CVE-2010-4253). Heap-based buffer overflow in Impress allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TGA file in an ODF or Microsoft Office document (CVE-2010-4643). OpenOffice.org packages have been updated in order to fix these issues. Additionally openoffice.org-voikko packages that require OpenOffice.org are also being provided and voikko package is upgraded from 2.0 to 2.2.1 version in MES5.1. Affected: 2009.0, 2010.0, 2010.1, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:027 Risk factor : Critical CVSS Score: 9.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3450 1025002 http://www.securitytracker.com/id?1025002 40775 http://secunia.com/advisories/40775 42999 http://secunia.com/advisories/42999 43065 http://secunia.com/advisories/43065 43105 http://secunia.com/advisories/43105 43118 http://secunia.com/advisories/43118 46031 http://www.securityfocus.com/bid/46031 60799 http://secunia.com/advisories/60799 70711 http://osvdb.org/70711 ADV-2011-0230 http://www.vupen.com/english/advisories/2011/0230 ADV-2011-0232 http://www.vupen.com/english/advisories/2011/0232 ADV-2011-0279 http://www.vupen.com/english/advisories/2011/0279 DSA-2151 http://www.debian.org/security/2011/dsa-2151 GLSA-201408-19 http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml MDVSA-2011:027 http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 RHSA-2011:0181 http://www.redhat.com/support/errata/RHSA-2011-0181.html RHSA-2011:0182 http://www.redhat.com/support/errata/RHSA-2011-0182.html USN-1056-1 http://ubuntu.com/usn/usn-1056-1 http://www.openoffice.org/security/cves/CVE-2010-3450.html http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html https://bugzilla.redhat.com/show_bug.cgi?id=602324 Common Vulnerability Exposure (CVE) ID: CVE-2010-3451 70712 http://osvdb.org/70712 http://www.cs.brown.edu/people/drosenbe/research.html http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html http://www.vsecurity.com/resources/advisory/20110126-1 https://bugzilla.redhat.com/show_bug.cgi?id=641282 ooo-rtf-ce(65030) https://exchange.xforce.ibmcloud.com/vulnerabilities/65030 Common Vulnerability Exposure (CVE) ID: CVE-2010-3452 70713 http://osvdb.org/70713 https://bugzilla.redhat.com/show_bug.cgi?id=640241 ooo-oowriter-ce(65031) https://exchange.xforce.ibmcloud.com/vulnerabilities/65031 Common Vulnerability Exposure (CVE) ID: CVE-2010-3453 70714 http://osvdb.org/70714 http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html https://bugzilla.redhat.com/show_bug.cgi?id=640950 Common Vulnerability Exposure (CVE) ID: CVE-2010-3454 70715 http://osvdb.org/70715 https://bugzilla.redhat.com/show_bug.cgi?id=640954 Common Vulnerability Exposure (CVE) ID: CVE-2010-3689 1025004 http://www.securitytracker.com/id?1025004 70716 http://osvdb.org/70716 http://www.openoffice.org/security/cves/CVE-2010-3689.html https://bugzilla.redhat.com/show_bug.cgi?id=641224 Common Vulnerability Exposure (CVE) ID: CVE-2010-4253 70717 http://osvdb.org/70717 http://www.openoffice.org/security/cves/CVE-2010-4253.html https://bugzilla.redhat.com/show_bug.cgi?id=658259 Common Vulnerability Exposure (CVE) ID: CVE-2010-4643 70718 http://osvdb.org/70718 http://www.openoffice.org/security/cves/CVE-2010-4643.html https://bugzilla.redhat.com/show_bug.cgi?id=667588 ooo-tga-bo(65441) https://exchange.xforce.ibmcloud.com/vulnerabilities/65441
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.