English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.68989
Category:Debian Local Security Checks
Title:Debian: Security Advisory (DSA-2151-1)
Summary:The remote host is missing an update for the Debian 'openoffice.org' package(s) announced via the DSA-2151-1 advisory.
Description:Summary:
The remote host is missing an update for the Debian 'openoffice.org' package(s) announced via the DSA-2151-1 advisory.

Vulnerability Insight:
Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code.

CVE-2010-3450

During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially-crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code.

CVE-2010-3451

During his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code.

CVE-2010-3452

Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file.

CVE-2010-3453

As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager() function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code.

CVE-2010-3454

As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem() function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code.

CVE-2010-3689

Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code.

CVE-2010-4253

A heap based buffer overflow has been discovered with unknown impact.

CVE-2010-4643

A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.

For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny11.

For the upcoming stable distribution (squeeze) these problems have been fixed in version 3.2.1-11+squeeze1.

For the unstable distribution (sid) these problems have been fixed in version 3.2.1-11+squeeze1.

For the experimental distribution these problems have been fixed in version 3.3.0~
rc3-1.

We recommend that you upgrade your OpenOffice.org packages.

Affected Software/OS:
'openoffice.org' package(s) on Debian 5.

Solution:
Please install the updated package(s).

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2010-3450
1025002
http://www.securitytracker.com/id?1025002
40775
http://secunia.com/advisories/40775
42999
http://secunia.com/advisories/42999
43065
http://secunia.com/advisories/43065
43105
http://secunia.com/advisories/43105
43118
http://secunia.com/advisories/43118
46031
http://www.securityfocus.com/bid/46031
60799
http://secunia.com/advisories/60799
70711
http://osvdb.org/70711
ADV-2011-0230
http://www.vupen.com/english/advisories/2011/0230
ADV-2011-0232
http://www.vupen.com/english/advisories/2011/0232
ADV-2011-0279
http://www.vupen.com/english/advisories/2011/0279
DSA-2151
http://www.debian.org/security/2011/dsa-2151
GLSA-201408-19
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
MDVSA-2011:027
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
RHSA-2011:0181
http://www.redhat.com/support/errata/RHSA-2011-0181.html
RHSA-2011:0182
http://www.redhat.com/support/errata/RHSA-2011-0182.html
USN-1056-1
http://ubuntu.com/usn/usn-1056-1
http://www.openoffice.org/security/cves/CVE-2010-3450.html
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
https://bugzilla.redhat.com/show_bug.cgi?id=602324
Common Vulnerability Exposure (CVE) ID: CVE-2010-3451
70712
http://osvdb.org/70712
http://www.cs.brown.edu/people/drosenbe/research.html
http://www.openoffice.org/security/cves/CVE-2010-3451_CVE-2010-3452.html
http://www.vsecurity.com/resources/advisory/20110126-1
https://bugzilla.redhat.com/show_bug.cgi?id=641282
ooo-rtf-ce(65030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65030
Common Vulnerability Exposure (CVE) ID: CVE-2010-3452
70713
http://osvdb.org/70713
https://bugzilla.redhat.com/show_bug.cgi?id=640241
ooo-oowriter-ce(65031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Common Vulnerability Exposure (CVE) ID: CVE-2010-3453
70714
http://osvdb.org/70714
http://www.openoffice.org/security/cves/CVE-2010-3453_CVE-2010-3454.html
https://bugzilla.redhat.com/show_bug.cgi?id=640950
Common Vulnerability Exposure (CVE) ID: CVE-2010-3454
70715
http://osvdb.org/70715
https://bugzilla.redhat.com/show_bug.cgi?id=640954
Common Vulnerability Exposure (CVE) ID: CVE-2010-3689
1025004
http://www.securitytracker.com/id?1025004
70716
http://osvdb.org/70716
http://www.openoffice.org/security/cves/CVE-2010-3689.html
https://bugzilla.redhat.com/show_bug.cgi?id=641224
Common Vulnerability Exposure (CVE) ID: CVE-2010-4253
70717
http://osvdb.org/70717
http://www.openoffice.org/security/cves/CVE-2010-4253.html
https://bugzilla.redhat.com/show_bug.cgi?id=658259
Common Vulnerability Exposure (CVE) ID: CVE-2010-4643
70718
http://osvdb.org/70718
http://www.openoffice.org/security/cves/CVE-2010-4643.html
https://bugzilla.redhat.com/show_bug.cgi?id=667588
ooo-tga-bo(65441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65441
CopyrightCopyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.