LibreOffice < 6.2.7 / 6.3.x < 6.3.1 Directory Traversal (macOS)

Medium Nessus Plugin ID 129534

Synopsis

An application installed on the remote host is affected by a directory traversal vulnerability.

Description

The version of LibreOffice installed on the remote macOS host is prior to 6.2.7 or 6.3.x prior to 6.3.1. It is, therefore, affected by a directory traversal vulnerability. This is due to a feature in LibreOffice which allows documents to specify pre-installed macros that can be executed on various script events. Only scripts under the 'share/Scripts/python' and /user/Scripts/python' sub-directories of the LibreOffice install should be accessible.
Previous protection to address CVE-2019-9852 to avoid a directory traversal attack was added, however this protection can be bypassed due to a flaw in how LibreOffice assembles the final script URL location. This flaw can be exploited to allow scripts in arbitrary locations on the file system to be executed.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 6.2.7, 6.3.1 or later.

See Also

http://www.nessus.org/u?43a121e2

Plugin Details

Severity: Medium

ID: 129534

File Name: macos_libreoffice_631.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 2019/10/03

Updated: 2019/12/23

Dependencies: 55575

Risk Information

Risk Factor: Medium

CVSS Score Source: CVE-2019-9854

CVSS v2.0

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: installed_sw/LibreOffice, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 2019/09/06

Vulnerability Publication Date: 2019/09/06

Reference Information

CVE: CVE-2019-9854

IAVB: 2019-B-0078