This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Timothy D. Morgan reports :
In December 2011, VSR identified a vulnerability in multiple open
source office products (including OpenOffice, LibreOffice, KOffice,
and AbiWord) due to unsafe interpretation of XML files with custom
entity declarations. Deeper analysis revealed that the vulnerability
was caused by acceptance of external entities by the libraptor
library, which is used by librdf and is in turn used by these office
In the context of office applications, these vulnerabilities could
allow for XML External Entity (XXE) attacks resulting in file theft
and a loss of user privacy when opening potentially malicious ODF
documents. For other applications which depend on librdf or libraptor,
potentially serious consequences could result from accepting RDF/XML
content from untrusted sources, though the impact may vary widely
depending on the context.
See also :
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 4.3