This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.MACOS_LIBREOFFICE_530.NASLLibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities (macOS)
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.021 Low
EPSS
Percentile
89.2%
The version of LibreOffice installed on the remote Mac OS X or macOS host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5.
It is, therefore, affected by multiple vulnerabilities :
-
An overflow condition exists when processing EMF files, specifically in the EnhWMFReader::ReadEnhWMF() function within file vcl/source/filter/wmf/enhwmf.cxx, due to improper validation of a certain offset value in the header that precedes bitmap data. An unauthenticated, remote attacker can exploit this, via a specially crafted enhanced metafile file (EMF), to cause a denial of service condition or the execution of arbitrary code.
Note that this vulnerability does not affect version 5.1.x. (CVE-2016-10327) -
A file disclosure vulnerability exists due to a flaw in the content preview feature when handling embedded objects. An unauthenticated, remote attacker can exploit this, via a specially crafted file, to disclose details of a file on the hosting system. (CVE-2017-3157)
-
An overflow condition exists in the Polygon::Insert() function within file tools/source/generic/poly.cxx when processing polygons in Windows metafiles (WMF) that under certain circumstances result in polygons with more points than can represented in LibreOffice’s internal polygon class. An unauthenticated, remote attacker can exploit this, via a specially crafted WMF file, to cause a denial of service condition or the execution of arbitrary code. Note that this vulnerability does not affect version 5.1.x. (CVE-2017-7870)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(97497);
script_version("1.7");
script_cvs_date("Date: 2019/11/13");
script_cve_id("CVE-2016-10327", "CVE-2017-3157", "CVE-2017-7870");
script_bugtraq_id(96402, 97668, 97671);
script_name(english:"LibreOffice < 5.1.6 / 5.2.5 / 5.3.0 Multiple Vulnerabilities (macOS)");
script_summary(english:"Checks the version of LibreOffice.");
script_set_attribute(attribute:"synopsis", value:
"An application installed on the remote host is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of LibreOffice installed on the remote Mac OS X or macOS
host is prior to 5.1, 5.1.x prior to 5.1.6, or 5.2.x prior to 5.2.5.
It is, therefore, affected by multiple vulnerabilities :
- An overflow condition exists when processing EMF files,
specifically in the EnhWMFReader::ReadEnhWMF() function
within file vcl/source/filter/wmf/enhwmf.cxx, due to
improper validation of a certain offset value in the
header that precedes bitmap data. An unauthenticated,
remote attacker can exploit this, via a specially
crafted enhanced metafile file (EMF), to cause a denial
of service condition or the execution of arbitrary code.
Note that this vulnerability does not affect version
5.1.x. (CVE-2016-10327)
- A file disclosure vulnerability exists due to a flaw in
the content preview feature when handling embedded
objects. An unauthenticated, remote attacker can exploit
this, via a specially crafted file, to disclose details
of a file on the hosting system. (CVE-2017-3157)
- An overflow condition exists in the Polygon::Insert()
function within file tools/source/generic/poly.cxx
when processing polygons in Windows metafiles (WMF) that
under certain circumstances result in polygons with more
points than can represented in LibreOffice's internal
polygon class. An unauthenticated, remote attacker can
exploit this, via a specially crafted WMF file, to cause
a denial of service condition or the execution of
arbitrary code. Note that this vulnerability does not
affect version 5.1.x. (CVE-2017-7870)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/");
script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/");
script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/");
script_set_attribute(attribute:"solution", value:
"Upgrade to LibreOffice version 5.1.6 / 5.2.5 / 5.3.0 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7870");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/22");
script_set_attribute(attribute:"patch_publication_date", value:"2017/02/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/03/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_libreoffice_installed.nasl");
script_require_keys("installed_sw/LibreOffice", "Host/MacOSX/Version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");
app_name = "LibreOffice";
get_kb_item_or_exit("Host/MacOSX/Version");
install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
path = install['path'];
if (
# < 5.x
version =~ "^[0-4]($|[^0-9])" ||
# 5.0 < 5.1
version =~ "^5\.0($|[^0-9])" ||
# 5.1 < 5.1.6
version =~ "^5\.1($|\.[0-5])($|[^0-9])" ||
# 5.2 < 5.2.5
version =~ "^5\.2($|\.[0-4])($|[^0-9])"
)
{
port = get_kb_item("SMB/transport");
if (!port) port = 445;
report =
'\n Path : ' + path +
'\n Installed version : ' + version +
'\n Fixed version : 5.1.6 / 5.2.5 / 5.3.0' +
'\n';
security_report_v4(port:0, severity:SECURITY_HOLE, extra:report);
exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version, path);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| libreoffice | libreoffice | cpe:/a:libreoffice:libreoffice |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10327
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3157
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7870
www.libreoffice.org/about-us/security/advisories/cve-2016-10327/
www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.021 Low
EPSS
Percentile
89.2%