Vulnerabilities > CVE-2005-2971 - Remote Buffer Overflow vulnerability in KDE KOffice KWord RTF Import
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2005-185.NASL description Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code. The updated packages are patched to deal with these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20431 published 2006-01-15 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20431 title Mandrake Linux Security Advisory : koffice (MDKSA-2005:185) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:185. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(20431); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:48"); script_cve_id("CVE-2005-2971"); script_xref(name:"MDKSA", value:"2005:185"); script_name(english:"Mandrake Linux Security Advisory : koffice (MDKSA-2005:185)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandrake Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code. The updated packages are patched to deal with these issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-karbon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kexi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kformula"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kivio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-koshell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kpresenter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-krita"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kspread"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kugar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-kword"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:koffice-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-karbon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-karbon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kexi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kexi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kformula"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kformula-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kivio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kivio-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-koshell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kpresenter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-krita"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-krita-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kspread"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kspread-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kugar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kugar-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kword"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-kword-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64koffice2-progs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-karbon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-karbon-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kexi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kexi-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kformula"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kformula-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kivio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kivio-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-koshell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kpresenter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-krita"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-krita-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kspread"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kspread-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kugar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kugar-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kword"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-kword-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-progs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libkoffice2-progs-devel"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.2", reference:"koffice-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-karbon-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kformula-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kivio-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-koshell-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kpresenter-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kspread-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kugar-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-kword-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"koffice-progs-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-karbon-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kformula-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kivio-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-koshell-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kpresenter-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kspread-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kspread-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kugar-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kugar-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kword-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-kword-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-progs-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64koffice2-progs-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-karbon-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kformula-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kivio-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-koshell-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kpresenter-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kspread-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kspread-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kugar-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kugar-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kword-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-kword-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-progs-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libkoffice2-progs-devel-1.3.5-24.1.102mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-karbon-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kexi-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kformula-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kivio-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-koshell-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kpresenter-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-krita-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kspread-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kugar-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-kword-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", reference:"koffice-progs-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-karbon-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-karbon-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kexi-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kexi-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kformula-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kformula-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kivio-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kivio-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-koshell-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kpresenter-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-krita-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-krita-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kspread-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kspread-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kugar-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kugar-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kword-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-kword-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-progs-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64koffice2-progs-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-karbon-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-karbon-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kexi-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kexi-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kformula-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kformula-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kivio-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kivio-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-koshell-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kpresenter-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-krita-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-krita-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kspread-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kspread-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kugar-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kugar-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kword-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-kword-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-progs-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libkoffice2-progs-devel-1.4.1-12.1.20060mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-872.NASL description Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 22738 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22738 title Debian DSA-872-1 : koffice - buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-872. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22738); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2005-2971"); script_bugtraq_id(15060); script_xref(name:"DSA", value:"872"); script_name(english:"Debian DSA-872-1 : koffice - buffer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Chris Evans discovered a buffer overflow in the RTF importer of kword, a word processor for the KDE Office Suite that can lead to the execution of arbitrary code." ); script_set_attribute( attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333497" ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2005/dsa-872" ); script_set_attribute( attribute:"solution", value: "Upgrade the kword package. The old stable distribution (woody) does not contain a kword package. For the stable distribution (sarge) this problem has been fixed in version 1.3.5-4.sarge.1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:koffice"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"karbon", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kchart", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kformula", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kivio", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kivio-data", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koffice", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koffice-data", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koffice-dev", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koffice-doc-html", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koffice-libs", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"koshell", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kpresenter", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kspread", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kugar", reference:"1.3.5-4.sarge.1")) flag++; if (deb_check(release:"3.1", prefix:"kword", reference:"1.3.5-4.sarge.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-202-1.NASL description Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20618 published 2006-01-15 reporter Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20618 title Ubuntu 5.04 : koffice vulnerability (USN-202-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-202-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(20618); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:33:00"); script_cve_id("CVE-2005-2971"); script_xref(name:"USN", value:"202-1"); script_name(english:"Ubuntu 5.04 : koffice vulnerability (USN-202-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:karbon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kchart"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kformula"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kivio"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kivio-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-doc-html"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koffice-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:koshell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kpresenter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kspread"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kugar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:kword"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.04", pkgname:"karbon", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kchart", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kformula", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kivio", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kivio-data", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koffice", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koffice-data", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koffice-dev", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koffice-doc-html", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koffice-libs", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"koshell", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kpresenter", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kspread", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kugar", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (ubuntu_check(osver:"5.04", pkgname:"kword", pkgver:"1.3.5-2ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "karbon / kchart / kformula / kivio / kivio-data / koffice / etc"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200510-12.NASL description The remote host is affected by the vulnerability described in GLSA-200510-12 (KOffice, KWord: RTF import buffer overflow) Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact : An attacker could entice a user to open a specially crafted RTF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 20032 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/20032 title GLSA-200510-12 : KOffice, KWord: RTF import buffer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200510-12. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(20032); script_version("1.18"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-2971"); script_bugtraq_id(15060); script_xref(name:"GLSA", value:"200510-12"); script_name(english:"GLSA-200510-12 : KOffice, KWord: RTF import buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200510-12 (KOffice, KWord: RTF import buffer overflow) Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Impact : An attacker could entice a user to open a specially crafted RTF file, potentially resulting in the execution of arbitrary code with the rights of the user running the affected application. Workaround : There is no known workaround at this time." ); # http://www.kde.org/info/security/advisory-20051011-1.txt script_set_attribute( attribute:"see_also", value:"https://www.kde.org/info/security/advisory-20051011-1.txt" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200510-12" ); script_set_attribute( attribute:"solution", value: "All KOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/koffice-1.4.1-r1' All KWord users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/kword-1.4.1-r1'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:koffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:kword"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-office/kword", unaffected:make_list("ge 1.4.1-r1"), vulnerable:make_list("lt 1.4.1-r1"))) flag++; if (qpkg_check(package:"app-office/koffice", unaffected:make_list("ge 1.4.1-r1"), vulnerable:make_list("lt 1.4.1-r1"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "KOffice / KWord"); }NASL family Fedora Local Security Checks NASL id FEDORA_2005-984.NASL description - Tue Oct 11 2005 Than Ngo <than at redhat.com> 4:1.4.2-0.FC3.2 - remove security fix which is included in new 1.4.2 upstream - Thu Sep 29 2005 Than Ngo <than at redhat.com> 4:1.4.2-0.FC3.1 - update to 1.4.2 - apply upstream patch to fix CVE-2005-2971 kword buffer overflow #169486 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 20021 published 2005-10-19 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20021 title Fedora Core 3 : koffice-1.4.2-0.FC3.2 (2005-984) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-984. # include("compat.inc"); if (description) { script_id(20021); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_cve_id("CVE-2005-2971"); script_xref(name:"FEDORA", value:"2005-984"); script_name(english:"Fedora Core 3 : koffice-1.4.2-0.FC3.2 (2005-984)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Tue Oct 11 2005 Than Ngo <than at redhat.com> 4:1.4.2-0.FC3.2 - remove security fix which is included in new 1.4.2 upstream - Thu Sep 29 2005 Than Ngo <than at redhat.com> 4:1.4.2-0.FC3.1 - update to 1.4.2 - apply upstream patch to fix CVE-2005-2971 kword buffer overflow #169486 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-October/001487.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b0447c90" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:koffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:koffice-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:koffice-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:koffice-i18n"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"koffice-1.4.2-0.FC3.2")) flag++; if (rpm_check(release:"FC3", reference:"koffice-debuginfo-1.4.2-0.FC3.2")) flag++; if (rpm_check(release:"FC3", reference:"koffice-devel-1.4.2-0.FC3.2")) flag++; if (rpm_check(release:"FC3", reference:"koffice-i18n-1.4.2-0.FC3.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "koffice / koffice-debuginfo / koffice-devel / koffice-i18n"); }NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2005-310-02.NASL description New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 20150 published 2005-11-07 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/20150 title Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : KOffice/KWord (SSA:2005-310-02) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2005-310-02. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(20150); script_version("1.14"); script_cvs_date("Date: 2019/10/25 13:36:20"); script_cve_id("CVE-2005-2971"); script_xref(name:"SSA", value:"2005-310-02"); script_name(english:"Slackware 10.0 / 10.1 / 10.2 / 9.1 / current : KOffice/KWord (SSA:2005-310-02)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New KOffice packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue with KWord. A buffer overflow in the RTF import functionality could result in the execution of arbitrary code." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3a242cd9" ); script_set_attribute( attribute:"solution", value:"Update the affected koffice package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:koffice"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1"); script_set_attribute(attribute:"patch_publication_date", value:"2005/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/11/07"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/10/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"9.1", pkgname:"koffice", pkgver:"1.2.1", pkgarch:"i486", pkgnum:"6")) flag++; if (slackware_check(osver:"10.0", pkgname:"koffice", pkgver:"1.3.1", pkgarch:"i486", pkgnum:"4")) flag++; if (slackware_check(osver:"10.1", pkgname:"koffice", pkgver:"1.3.5", pkgarch:"i486", pkgnum:"3")) flag++; if (slackware_check(osver:"10.2", pkgname:"koffice", pkgver:"1.4.1", pkgarch:"i486", pkgnum:"2")) flag++; if (slackware_check(osver:"current", pkgname:"koffice", pkgver:"1.4.1", pkgarch:"i486", pkgnum:"2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://scary.beasts.org/security/CESA-2005-005.txt
- http://secunia.com/advisories/17145/
- http://secunia.com/advisories/17171
- http://secunia.com/advisories/17190
- http://secunia.com/advisories/17212
- http://secunia.com/advisories/17332
- http://secunia.com/advisories/17480
- http://secunia.com/advisories/17486
- http://securitytracker.com/id?1015035
- http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487
- http://www.debian.org/security/2005/dsa-872
- http://www.gentoo.org/security/en/glsa/glsa-200510-12.xml
- http://www.kde.org/info/security/advisory-20051011-1.txt
- http://www.novell.com/linux/security/advisories/2005_25_sr.html
- http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00042.html
- http://www.securityfocus.com/bid/15060
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22562
- https://usn.ubuntu.com/202-1/