Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOSX_LIBREOFFICE_501.NASL
HistoryNov 17, 2015 - 12:00 a.m.

LibreOffice < 4.4.6 / 5.x < 5.0.1 Document Bookmark Arbitrary Code Execution (Mac OS X)

2015-11-1700:00:00
This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

The version of LibreOffice installed on the remote Mac OS X host is prior to 4.4.6 or 5.x prior to 5.0.1. It is, therefore, affected by a memory corruption issue in ‘filter/ww8/ww8scan.cxx’ due to improper validation of user-supplied input when handling bookmark status positions. A remote attacker can exploit this, via a specially crafted document, to cause a denial of service condition or the execution of arbitrary code.

Note that Nessus has not attempted to exploit this issue but has instead relied only on the application’s self-reported version number.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86903);
  script_version("1.9");
  script_cvs_date("Date: 2019/11/20");

  script_cve_id("CVE-2015-5214");

  script_name(english:"LibreOffice < 4.4.6 / 5.x < 5.0.1 Document Bookmark Arbitrary Code Execution (Mac OS X)");
  script_summary(english:"Checks the version of LibreOffice.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by an
arbitrary code execution vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of LibreOffice installed on the remote Mac OS X host is
prior to 4.4.6 or 5.x prior to 5.0.1. It is, therefore, affected by a
memory corruption issue in 'filter/ww8/ww8scan.cxx' due to improper
validation of user-supplied input when handling bookmark status
positions. A remote attacker can exploit this, via a specially crafted
document, to cause a denial of service condition or the execution of
arbitrary code.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.");
  # https://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c8cc4e31");
  script_set_attribute(attribute:"see_also", value:"http://listarchives.documentfoundation.org/www/announce/msg00243.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to LibreOffice version 4.4.6 (4.4.6.3) / 5.0.1 (5.0.1.2) or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5214");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/11/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"MacOS X Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("macosx_libreoffice_installed.nasl");
  script_require_keys("installed_sw/LibreOffice", "Host/MacOSX/Version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "LibreOffice";

get_kb_item_or_exit("Host/MacOSX/Version");

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version    = install['version'];
path       = install['path'];

if (
  # < 4.x
  version =~ "^[0-3]($|[^0-9])" ||
  # 4.x < 4.4.6
  version =~ "^(4\.[0-3]|4\.4\.[0-5])($|[^0-9])" ||
  # 5.x < 5.0.1
  version =~ "^5\.0\.0($|[^0-9])"
)
{
  if (report_verbosity > 0)
  {
    report =
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 4.4.6 (4.4.6.3) / 5.0.1 (5.0.1.2)' +
      '\n';
    security_warning(port:0, extra:report);
  }
  else security_warning(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
VendorProductVersionCPE
libreofficelibreofficecpe:/a:libreoffice:libreoffice

Related

openvas 14
cvelist 1
ubuntucve 1
nvd 1
kaspersky 2
cve 1
debiancve 1
nessus 15
prion 1
redhat 1
veracode 2
debian 1
ubuntu 1
mageia 1
centos 1
oraclelinux 1
osv 1
freebsd 1
gentoo 2
openvas
openvas
LibreOffice DOC Bookmarks Denial of Service Vulnerability (Nov 2015) - Mac OS X
2015-11-16 00:00:00
LibreOffice DOC Bookmarks Denial of Service Vulnerability (Nov 2015) - Windows
2015-11-16 00:00:00
Debian Security Advisory DSA 3394-1 (libreoffice - security update)
2015-11-05 00:00:00
cvelist
cvelist
CVE-2015-5214
2015-11-10 16:00:00
ubuntucve
ubuntucve
CVE-2015-5214
2015-11-03 00:00:00
nvd
nvd
CVE-2015-5214
2015-11-10 17:59:04
kaspersky
kaspersky
KLA10700 Code execution vulnerability in LibreOffice
2015-11-10 00:00:00
KLA11373 Code execution vulnerability in OpenOffice
2015-11-10 00:00:00
cve
cve
CVE-2015-5214
2015-11-10 17:59:04
debiancve
debiancve
CVE-2015-5214
2015-11-10 17:59:04
nessus
nessus
LibreOffice < 4.4.6 / 5.x < 5.0.1 Document Bookmark Arbitrary Code Execution
2015-11-17 00:00:00
FreeBSD : OpenOffice 4.1.1 -- multiple vulnerabilities (18b3c61b-83de-11e5-905b-ac9e174be3af)
2015-11-06 00:00:00
CentOS 6 / 7 : libreoffice (CESA-2015:2619)
2015-12-15 00:00:00
prion
prion
Memory corruption
2015-11-10 17:59:00
redhat
redhat
(RHSA-2015:2619) Moderate: libreoffice security update
2015-12-14 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2019-05-02 05:19:58
Buffer Overflow
2019-05-02 05:19:58
debian
debian
[SECURITY] [DSA 3394-1] libreoffice security update
2015-11-05 18:47:46
ubuntu
ubuntu
LibreOffice vulnerabilities
2015-11-05 00:00:00
mageia
mageia
Updated libreoffice packages fix security vulnerability
2015-11-11 00:26:39
centos
centos
autocorr, libreoffice security update
2015-12-14 23:10:44
oraclelinux
oraclelinux
libreoffice security update
2015-12-14 00:00:00
osv
osv
libreoffice - security update
2015-11-05 00:00:00
freebsd
freebsd
OpenOffice 4.1.1 -- multiple vulnerabilities
2015-11-04 00:00:00
gentoo
gentoo
LibreOffice, OpenOffice: Multiple vulnerabilities
2016-11-04 00:00:00
LibreOffice, OpenOffice: Multiple vulnerabilities
2016-03-09 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for MACOSX_LIBREOFFICE_501.NASL
openvas14cvelist1ubuntucve1nvd1kaspersky2cve1debiancve1nessus15prion1redhat1veracode2debian1ubuntu1mageia1centos1oraclelinux1osv1freebsd1gentoo2