Detections
Analytics

LibreOffice < 7.2.7 / 7.3.2 Improper Certificate Validation (macOS)

high Nessus Plugin ID 163765

Language:

Synopsis

A input validation vulnerability exists in Document Foundation LibreOffice versions prior to 7.2.7 or 7.3.2.

Description

According to its self-reported version, the LibreOffice application running on the remote host is prior to 7.2.7 or 7.3.2. It is, therefore, affected by an Improper Certificate Validation vulnerability where determining if a macro was signed by a trusted author was done by only matching the serial number and issuer string of the used certificate with that of a trusted certificate. This is not sufficient to verify that the macro was actually signed with the certificate.
An adversary could therefore create an arbitrary certificate with a serial number and an issuer string identical to a trusted certificate which LibreOffice would present as belonging to the trusted author, potentially leading to the user to execute arbitrary code contained in macros improperly trusted (CVE-2022-26305)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to LibreOffice version 7.2.7, 7.3.2 or later.

See Also

http://www.nessus.org/u?d91e2728

Plugin Details

Severity: High

ID: 163765

File Name: macos_libreoffice_732.nasl

Version: 1.7

Type: local

Agent: macosx

Published: 8/3/2022

Updated: 12/7/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-26305

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:libreoffice:libreoffice

Required KB Items: installed_sw/LibreOffice, Host/MacOSX/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/25/2022

Vulnerability Publication Date: 7/25/2022

Reference Information

CVE: CVE-2022-26305

IAVB: 2022-B-0024-S