FreeBSD : OpenOffice 4.1.1 -- multiple vulnerabilities (18b3c61b-83de-11e5-905b-ac9e174be3af)

Medium Nessus Plugin ID 86775

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The Apache OpenOffice Project reports :

A vulnerability in OpenOffice settings of OpenDocument Format files and templates allows silent access to files that are readable from an user account, over-riding the user's default configuration settings.
Once these files are imported into a maliciously-crafted document, the data can be silently hidden in the document and possibly exported to an external party without being observed.

The Apache OpenOffice Project reports :

A crafted ODF document can be used to create a buffer that is too small for the amount of data loaded into it, allowing an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC file can be used to specify a document buffer that is too small for the amount of data provided for it.
Failure to detect the discrepancy allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

The Apache OpenOffice Project reports :

A crafted Microsoft Word DOC can contain invalid bookmark positions leading to memory corruption when the document is loaded or bookmarks are manipulated. The defect allows an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.

Solution

Update the affected packages.

See Also

http://www.openoffice.org/security/cves/CVE-2015-4551.html

http://www.openoffice.org/security/cves/CVE-2015-5212.html

http://www.openoffice.org/security/cves/CVE-2015-5213.html

http://www.openoffice.org/security/cves/CVE-2015-5214.html

http://www.nessus.org/u?13ad4927

Plugin Details

Severity: Medium

ID: 86775

File Name: freebsd_pkg_18b3c61b83de11e5905bac9e174be3af.nasl

Version: 2.5

Type: local

Published: 2015/11/06

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:apache-openoffice, p-cpe:/a:freebsd:freebsd:apache-openoffice-devel, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/11/05

Vulnerability Publication Date: 2015/11/04

Reference Information

CVE: CVE-2015-4551, CVE-2015-5212, CVE-2015-5213, CVE-2015-5214