FreeBSD : OpenOffice 4.1.1 -- multiple vulnerabilities (18b3c61b-83de-11e5-905b-ac9e174be3af)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Apache OpenOffice Project reports :

A vulnerability in OpenOffice settings of OpenDocument Format files
and templates allows silent access to files that are readable from an
user account, over-riding the user's default configuration settings.
Once these files are imported into a maliciously-crafted document, the
data can be silently hidden in the document and possibly exported to
an external party without being observed.

The Apache OpenOffice Project reports :

A crafted ODF document can be used to create a buffer that is too
small for the amount of data loaded into it, allowing an attacker to
cause denial of service (memory corruption and application crash) and
possible execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC file can be used to specify a document
buffer that is too small for the amount of data provided for it.
Failure to detect the discrepancy allows an attacker to cause denial
of service (memory corruption and application crash) and possible
execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC can contain invalid bookmark positions
leading to memory corruption when the document is loaded or bookmarks
are manipulated. The defect allows an attacker to cause denial of
service (memory corruption and application crash) and possible
execution of arbitrary code.

See also :

http://www.openoffice.org/security/cves/CVE-2015-4551.html
http://www.openoffice.org/security/cves/CVE-2015-5212.html
http://www.openoffice.org/security/cves/CVE-2015-5213.html
http://www.openoffice.org/security/cves/CVE-2015-5214.html
http://www.nessus.org/u?5401bad2

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86775 ()

Bugtraq ID:

CVE ID: CVE-2015-4551
CVE-2015-5212
CVE-2015-5213
CVE-2015-5214

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now