CVE-2008-0668 - Numeric Errors vulnerability in Gnome Gnumeric
- Attack vector: NETWORK
- Attack complexity: MEDIUM
- Privileges required: NONE
- Confidentiality impact: COMPLETE
- Integrity impact: COMPLETE
- Availability impact: COMPLETE

Summary
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 2 |
Application | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-604-1.NASL
- description: Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 32054
- published: 2008-04-25
- reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/32054
- title: Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : gnumeric vulnerability (USN-604-1)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-604-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

include("compat.inc");

if (description)
{
  script_id(32054);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:33:02");

  script_cve_id("CVE-2008-0668");
  script_xref(name:"USN", value:"604-1");

  script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : gnumeric vulnerability (USN-604-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/604-1/"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-gtk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-plugins-extra");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/04/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/25");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);

flag = 0;

if (ubuntu_check(osver:"6.06", pkgname:"gnumeric", pkgver:"1.6.3-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-common", pkgver:"1.6.3-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-doc", pkgver:"1.6.3-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-gtk", pkgver:"1.6.3-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-plugins-extra", pkgver:"1.6.3-0ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"gnumeric", pkgver:"1.7.0-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-common", pkgver:"1.7.0-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-doc", pkgver:"1.7.0-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-gtk", pkgver:"1.7.0-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.0-1ubuntu4.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"gnumeric", pkgver:"1.7.8-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-common", pkgver:"1.7.8-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-doc", pkgver:"1.7.8-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-gtk", pkgver:"1.7.8-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.8-0ubuntu1.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"gnumeric", pkgver:"1.7.11-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-common", pkgver:"1.7.11-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-doc", pkgver:"1.7.11-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-gtk", pkgver:"1.7.11-1ubuntu3.1")) flag++;
if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.11-1ubuntu3.1")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : ubuntu_report_get()
  );
  exit(0);
}
else
{
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric / gnumeric-common / gnumeric-doc / gnumeric-gtk / etc");
}
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200802-05.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200802-05 (Gnumeric: User-assisted execution of arbitrary code) Multiple integer overflow and signedness errors have been reported in the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impact : A remote attacker could entice a user to open a specially crafted XLS file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31083
- published: 2008-02-14
- reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/31083
- title: GLSA-200802-05 : Gnumeric: User-assisted execution of arbitrary code
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200802-05.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(31083);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2008-0668");
  script_xref(name:"GLSA", value:"200802-05");

  script_name(english:"GLSA-200802-05 : Gnumeric: User-assisted execution of arbitrary code");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is affected by the vulnerability described in GLSA-200802-05 (Gnumeric: User-assisted execution of arbitrary code) Multiple integer overflow and signedness errors have been reported in the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impact : A remote attacker could entice a user to open a specially crafted XLS file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200802-05"
  );
  script_set_attribute(
    attribute:"solution",
    value:"All Gnumeric users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=app-office/gnumeric-1.8.1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnumeric");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"app-office/gnumeric", unaffected:make_list("ge 1.8.1"), vulnerable:make_list("lt 1.8.1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Gnumeric");
}
```

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-1546.NASL
- description: Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 31952
- published: 2008-04-17
- reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/31952
- title: Debian DSA-1546-1 : gnumeric - integer overflow
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-1546. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(31952);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:21");

  script_cve_id("CVE-2008-0668");
  script_xref(name:"DSA", value:"1546");

  script_name(english:"Debian DSA-1546-1 : gnumeric - integer overflow");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Thilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2008/dsa-1546"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the gnumeric packages. For the stable distribution (etch), these problems have been fixed in version 1.6.3-5+etch1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnumeric");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/04/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include("audit.inc");
include("debian_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;
if (deb_check(release:"4.0", prefix:"gnumeric", reference:"1.6.3-5.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"gnumeric-common", reference:"1.6.3-5.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"gnumeric-doc", reference:"1.6.3-5.1+etch1")) flag++;
if (deb_check(release:"4.0", prefix:"gnumeric-plugins-extra", reference:"1.6.3-5.1+etch1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2008-1313.NASL
- description: Fix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 30237
- published: 2008-02-11
- reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/30237
- title: Fedora 7 : gnumeric-1.6.3-14.fc7 (2008-1313)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-1313.
#

include("compat.inc");

if (description)
{
  script_id(30237);
  script_version ("1.11");
  script_cvs_date("Date: 2019/08/02 13:32:27");

  script_cve_id("CVE-2008-0668");
  script_xref(name:"FEDORA", value:"2008-1313");

  script_name(english:"Fedora 7 : gnumeric-1.6.3-14.fc7 (2008-1313)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Fix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431226"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007495.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7903d389"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnumeric package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnumeric");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC7", reference:"gnumeric-1.6.3-14.fc7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric");
}
```

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2008-1403.NASL
- description: Fix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 30240
- published: 2008-02-11
- reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/30240
- title: Fedora 8 : gnumeric-1.6.3-14.fc8 (2008-1403)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2008-1403.
#

include("compat.inc");

if (description)
{
  script_id(30240);
  script_version ("1.11");
  script_cvs_date("Date: 2019/08/02 13:32:27");

  script_cve_id("CVE-2008-0668");
  script_xref(name:"FEDORA", value:"2008-1403");

  script_name(english:"Fedora 8 : gnumeric-1.6.3-14.fc8 (2008-1403)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"Fix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=431226"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007608.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?1fc89818"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected gnumeric package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_cwe_id(189);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnumeric");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC8", reference:"gnumeric-1.6.3-14.fc8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2008-056.NASL
- description: A vulnerability was found in the excel_read_HLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would allow for the execution of arbitrary code via a crafted XLS file containing XLS HLINK opcodes. The updated packages have been patched to correct this issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 37027
- published: 2009-04-23
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/37027
- title: Mandriva Linux Security Advisory : gnumeric (MDVSA-2008:056)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_GNUMERIC-5393.NASL
- description: Specially crafted xls files could trigger integer overflows in gnumeric that could potentially be exploited to execute arbitrary code (CVE-2008-0668).
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 33559
- published: 2008-07-23
- reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/33559
- title: openSUSE 10 Security Update : gnumeric (gnumeric-5393)

References
- http://bugs.gentoo.org/show_bug.cgi?id=208356
- http://bugzilla.gnome.org/show_bug.cgi?id=505330
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
- http://secunia.com/advisories/28725/
- http://secunia.com/advisories/28799
- http://secunia.com/advisories/28948
- http://secunia.com/advisories/29702
- http://secunia.com/advisories/29896
- http://secunia.com/advisories/31339
- http://security.gentoo.org/glsa/glsa-200802-05.xml
- http://www.debian.org/security/2008/dsa-1546
- http://www.gnome.org/projects/gnumeric/announcements/1.8/gnumeric-1.8.1.shtml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:056
- http://www.securityfocus.com/bid/27536
- http://www.ubuntu.com/usn/usn-604-1
- http://www.vupen.com/english/advisories/2008/0462
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00114.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00227.html