Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.LIBREOFFICE_420.NASL
HistoryApr 04, 2014 - 12:00 a.m.

LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities

2014-04-0400:00:00
This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.9%

JSON

A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the remote Windows host. It is, therefore, reportedly affected by multiple vulnerabilities including a denial of service vulnerability related to Python.

A remote attacker could use these flaws to cause a denial of service or to conduct spoofing attacks.

Note that Nessus has not attempted to exploit these issues, but has instead relied only on the self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(73336);
  script_version("1.7");
  script_cvs_date("Date: 2019/11/26");

  script_cve_id("CVE-2013-1752", "CVE-2013-4238");

  script_name(english:"LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities");
  script_summary(english:"Checks version of LibreOffice");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by multiple
vulnerabilities with Python.");
  script_set_attribute(attribute:"description", value:
"A version of LibreOffice prior to 4.1.5 / 4.2.0 is installed on the
remote Windows host. It is, therefore, reportedly affected by multiple
vulnerabilities including a denial of service vulnerability related to
Python.

A remote attacker could use these flaws to cause a denial of service
or to conduct spoofing attacks.

Note that Nessus has not attempted to exploit these issues, but has
instead relied only on the self-reported version number.");
  script_set_attribute(attribute:"see_also", value:"http://www.libreoffice.org/about-us/security/advisories/cve-2013-1752/");
  # http://blog.documentfoundation.org/2012/07/11/libreoffice-3-5-5-is-available/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bc6741ee");
  # http://blog.documentfoundation.org/2014/01/30/libreoffice-4-2-focusing-on-performance-and-interoperability-and-improving-the-integration-with-microsoft-windows/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a594575e");
  script_set_attribute(attribute:"solution", value:
"Upgrade to LibreOffice version 4.1.5 / 4.2.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4238");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("libreoffice_installed.nasl");
  script_require_keys("SMB/LibreOffice/Version");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

kb_base = "SMB/LibreOffice";
version = get_kb_item_or_exit(kb_base+"/Version");
path = get_kb_item_or_exit(kb_base+"/Path");
version_ui = get_kb_item_or_exit(kb_base+"/Version_UI");

if (
  # nb: first release of LibreOffice was 3.3.0.
  version =~ "^3" ||
  (version =~ "^4\.1\." && ver_compare(ver:version, fix:'4.1.5.1', strict:FALSE) == -1) ||
  (version =~ "^4\.2\." && ver_compare(ver:version, fix:'4.2.0.1', strict:FALSE) == -1)
)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version_ui +
      '\n  Fixed version     : 4.1.5 / 4.2.0\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, "LibreOffice", version_ui, path);
VendorProductVersionCPE
libreofficelibreofficecpe:/a:libreoffice:libreoffice

Related

nessus 55
seebug 1
amazon 4
openvas 61
fedora 17
centos 3
prion 3
nvd 3
cvelist 2
cve 3
veracode 7
osv 5
securityvulns 2
f5 3
oraclelinux 4
redhat 4
ubuntu 5
mageia 4
debiancve 1
ubuntucve 1
debian 2
vmware 2
slackware 1
archlinux 1
ibm 3
gentoo 1
suse 1
nessus
nessus
LibreOffice < 4.1.5 / 4.2.0 Python Multiple Vulnerabilities (Mac OS X)
2014-04-04 00:00:00
Amazon Linux AMI : python26 (ALAS-2013-241)
2013-11-14 00:00:00
SuSE 11.3 Security Update : python (SAT Patch Number 8892)
2014-03-07 00:00:00
seebug
seebug
Pythonๅคšไธชๅฎ‰ๅ…จๆผๆดž
2013-12-30 00:00:00
amazon
amazon
Medium: python26
2013-11-03 12:09:00
Medium: python27
2013-09-04 13:31:00
Medium: python26
2015-12-14 10:00:00
openvas
openvas
Amazon Linux: Security Advisory (ALAS-2013-241)
2015-09-08 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:0337-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2014:1012-1)
2021-06-09 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: python3-3.3.2-6.fc19
2013-08-27 23:35:51
[SECURITY] Fedora 19 Update: python3-3.3.2-8.fc19
2013-11-26 04:01:31
[SECURITY] Fedora 19 Update: python-2.7.5-4.fc19
2013-08-24 22:27:19
centos
centos
python, tkinter security update
2013-11-26 13:32:42
python, tkinter security update
2015-07-26 14:11:19
python, tkinter security update
2015-11-30 19:48:49
prion
prion
Design/Logic Flaw
2019-06-03 20:15:00
Design/Logic Flaw
2013-08-27 03:34:00
Design/Logic Flaw
2013-08-18 02:52:00
nvd
nvd
CVE-2013-1752
2019-06-03 20:15:09
CVE-2013-4238
2013-08-18 02:52:22
CVE-2013-4328
2013-08-27 03:34:35
cvelist
cvelist
CVE-2013-1752
2019-06-03 19:04:24
CVE-2013-4238
2013-08-18 01:00:00
cve
cve
CVE-2013-1752
2019-06-03 20:15:09
CVE-2013-4238
2013-08-18 02:52:22
CVE-2013-4328
2022-10-03 16:14:58
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:06:08
Man-in-the-Middle (MitM)
2019-01-15 08:51:35
Arbitrary Code Execution
2019-05-02 05:39:24
osv
osv
smtplib unlimited read
2019-06-03 19:04:24
python2.6 - regression update
2014-07-31 00:00:00
python2.6 - regression update
2014-07-31 00:00:00
securityvulns
securityvulns
Python SSL certificate check bypass
2013-10-02 00:00:00
NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities
2014-12-11 00:00:00
f5
f5
K53192206 : Python and Jython vulnerability CVE-2013-1752
2017-07-21 00:00:00
K15638 : Python vulnerability CVE-2013-4238
2014-10-17 00:00:00
SOL15638 - Python vulnerability CVE-2013-4238
2014-09-29 00:00:00
oraclelinux
oraclelinux
python security, bug fix, and enhancement update
2013-11-26 00:00:00
python security, bug fix, and enhancement update
2015-07-28 00:00:00
python security, bug fix, and enhancement update
2015-11-23 00:00:00
redhat
redhat
(RHSA-2013:1582) Moderate: python security, bug fix, and enhancement update
2013-11-21 00:00:00
(RHSA-2015:1330) Moderate: python security, bug fix, and enhancement update
2015-07-22 00:00:00
(RHSA-2015:2101) Moderate: python security, bug fix, and enhancement update
2015-11-19 13:41:01
ubuntu
ubuntu
Python 2.6 vulnerability
2013-10-01 00:00:00
Python 3.2 vulnerabilities
2013-10-01 00:00:00
Python 3.3 vulnerabilities
2013-10-01 00:00:00
mageia
mageia
Updated python packages fix CVE-2013-4328 and pip
2013-08-17 12:43:24
Updated python package fixes security vulnerabilities
2014-03-24 11:37:41
Updated python3, bzr and some python packages fix security vulnerabilties
2013-08-22 21:58:14
debiancve
debiancve
CVE-2013-4238
2013-08-18 02:52:22
ubuntucve
ubuntucve
CVE-2013-4238
2013-08-17 00:00:00
debian
debian
[SECURITY] [DSA 2880-1] python2.7 security update
2014-03-17 18:07:37
[DLA 25-1] python2.6 security update
2014-07-31 21:07:32
vmware
vmware
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
VMware vSphere product updates address security vulnerabilities
2014-12-04 00:00:00
slackware
slackware
[slackware-security] python
2019-03-03 22:46:15
archlinux
archlinux
python2: multiple issues
2014-12-15 00:00:00
ibm
ibm
Security Bulletin: Python vulnerabilities affect IBM SmartCloud Entry (CVE-2013-1752 CVE-2014-1912 CVE-2014-4650 CVE-2014-7185)
2020-07-19 00:49:12
Security Bulletin: Multiple vulnerabilities in Python affect PowerKVM
2018-06-18 01:30:44
Security Bulletin: Vulnerabilities in Python, rpcbind, SQLite affect IBM SmartCloud Provisioning for IBM Software Virtual Appliance
2018-06-17 22:33:00
gentoo
gentoo
Python: Multiple vulnerabilities
2015-03-18 00:00:00
suse
suse
Security update for python3 (important)
2020-01-21 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

61.9%

JSON
Related for LIBREOFFICE_420.NASL
nessus55seebug1amazon4openvas61fedora17centos3prion3nvd3cvelist2cve3veracode7osv5securityvulns2f53oraclelinux4redhat4ubuntu5mageia4debiancve1ubuntucve1debian2vmware2slackware1archlinux1ibm3gentoo1suse1