Scientific Linux Security Update : openoffice.org on SL3.x, SL4.x, SL5.x i386/x86_64

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

CVE-2009-0200 OpenOffice.org Word document Integer Underflow

CVE-2009-0201 OpenOffice.org Word document buffer overflow

An integer underflow flaw and a boundary error flaw, both possibly
leading to a heap-based buffer overflow, were found in the way
OpenOffice.org parses certain records in Microsoft Word documents. An
attacker could create a specially crafted Microsoft Word document,
which once opened by an unsuspecting user, could cause OpenOffice.org
to crash or, potentially, execute arbitrary code with the permissions
of the user running OpenOffice.org. (CVE-2009-0200, CVE-2009-0201)

Allrunning instances of OpenOffice.org applications must be restarted
for this update to take effect.

Note: The openoffice.org2 update for SL4 has been delayed.

See also :

http://www.nessus.org/u?a7a593db

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60661 ()

Bugtraq ID:

CVE ID: CVE-2009-0200
CVE-2009-0201