Vulnerabilities > CVE-2008-0668 - Numeric Errors vulnerability in Gnome Gnumeric

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
redhat
gnome
CWE-189
critical
nessus

Summary

The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
OS
Redhat
2
Application
Gnome
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-604-1.NASL
    descriptionThilo Pfennig and Morten Welinder discovered that the XLS spreadsheet handling code in Gnumeric did not correctly calculate needed memory sizes. If a user or automated system were tricked into loading a specially crafted XLS document, a remote attacker could execute arbitrary code with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id32054
    published2008-04-25
    reporterUbuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/32054
    titleUbuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : gnumeric vulnerability (USN-604-1)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-604-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(32054);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:33:02");
    
      script_cve_id("CVE-2008-0668");
      script_xref(name:"USN", value:"604-1");
    
      script_name(english:"Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : gnumeric vulnerability (USN-604-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Thilo Pfennig and Morten Welinder discovered that the XLS spreadsheet
    handling code in Gnumeric did not correctly calculate needed memory
    sizes. If a user or automated system were tricked into loading a
    specially crafted XLS document, a remote attacker could execute
    arbitrary code with user privileges.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/604-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnumeric-plugins-extra");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:7.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/25");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! ereg(pattern:"^(6\.06|6\.10|7\.04|7\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10 / 7.04 / 7.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"6.06", pkgname:"gnumeric", pkgver:"1.6.3-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-common", pkgver:"1.6.3-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-doc", pkgver:"1.6.3-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-gtk", pkgver:"1.6.3-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.06", pkgname:"gnumeric-plugins-extra", pkgver:"1.6.3-0ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"gnumeric", pkgver:"1.7.0-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-common", pkgver:"1.7.0-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-doc", pkgver:"1.7.0-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-gtk", pkgver:"1.7.0-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"6.10", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.0-1ubuntu4.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"gnumeric", pkgver:"1.7.8-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-common", pkgver:"1.7.8-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-doc", pkgver:"1.7.8-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-gtk", pkgver:"1.7.8-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.04", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.8-0ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"gnumeric", pkgver:"1.7.11-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-common", pkgver:"1.7.11-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-doc", pkgver:"1.7.11-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-gtk", pkgver:"1.7.11-1ubuntu3.1")) flag++;
    if (ubuntu_check(osver:"7.10", pkgname:"gnumeric-plugins-extra", pkgver:"1.7.11-1ubuntu3.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric / gnumeric-common / gnumeric-doc / gnumeric-gtk / etc");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200802-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200802-05 (Gnumeric: User-assisted execution of arbitrary code) Multiple integer overflow and signedness errors have been reported in the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c when processing XLS HLINK opcodes. Impact : A remote attacker could entice a user to open a specially crafted XLS file, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id31083
    published2008-02-14
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/31083
    titleGLSA-200802-05 : Gnumeric: User-assisted execution of arbitrary code
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200802-05.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31083);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:44");
    
      script_cve_id("CVE-2008-0668");
      script_xref(name:"GLSA", value:"200802-05");
    
      script_name(english:"GLSA-200802-05 : Gnumeric: User-assisted execution of arbitrary code");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200802-05
    (Gnumeric: User-assisted execution of arbitrary code)
    
        Multiple integer overflow and signedness errors have been reported in
        the excel_read_HLINK() function in file plugins/excel/ms-excel-read.c
        when processing XLS HLINK opcodes.
      
    Impact :
    
        A remote attacker could entice a user to open a specially crafted XLS
        file, possibly resulting in the remote execution of arbitrary code with
        the privileges of the user running the application.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200802-05"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Gnumeric users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-office/gnumeric-1.8.1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gnumeric");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-office/gnumeric", unaffected:make_list("ge 1.8.1"), vulnerable:make_list("lt 1.8.1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Gnumeric");
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1546.NASL
    descriptionThilo Pfennig and Morten Welinder discovered several integer overflow weaknesses in Gnumeric, a GNOME spreadsheet application. These vulnerabilities could result in the execution of arbitrary code through the opening of a maliciously crafted Excel spreadsheet.
    last seen2020-06-01
    modified2020-06-02
    plugin id31952
    published2008-04-17
    reporterThis script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/31952
    titleDebian DSA-1546-1 : gnumeric - integer overflow
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1546. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(31952);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:21");
    
      script_cve_id("CVE-2008-0668");
      script_xref(name:"DSA", value:"1546");
    
      script_name(english:"Debian DSA-1546-1 : gnumeric - integer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Thilo Pfennig and Morten Welinder discovered several integer overflow
    weaknesses in Gnumeric, a GNOME spreadsheet application. These
    vulnerabilities could result in the execution of arbitrary code
    through the opening of a maliciously crafted Excel spreadsheet."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2008/dsa-1546"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the gnumeric packages.
    
    For the stable distribution (etch), these problems have been fixed in
    version 1.6.3-5+etch1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gnumeric");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/04/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/04/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"4.0", prefix:"gnumeric", reference:"1.6.3-5.1+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"gnumeric-common", reference:"1.6.3-5.1+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"gnumeric-doc", reference:"1.6.3-5.1+etch1")) flag++;
    if (deb_check(release:"4.0", prefix:"gnumeric-plugins-extra", reference:"1.6.3-5.1+etch1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1313.NASL
    descriptionFix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30237
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30237
    titleFedora 7 : gnumeric-1.6.3-14.fc7 (2008-1313)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-1313.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30237);
      script_version ("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-0668");
      script_xref(name:"FEDORA", value:"2008-1313");
    
      script_name(english:"Fedora 7 : gnumeric-1.6.3-14.fc7 (2008-1313)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix integer overflow and signedness errors in XLS processing
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431226"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007495.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7903d389"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnumeric package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnumeric");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:7");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 7.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC7", reference:"gnumeric-1.6.3-14.fc7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2008-1403.NASL
    descriptionFix integer overflow and signedness errors in XLS processing Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id30240
    published2008-02-11
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/30240
    titleFedora 8 : gnumeric-1.6.3-14.fc8 (2008-1403)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2008-1403.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(30240);
      script_version ("1.11");
      script_cvs_date("Date: 2019/08/02 13:32:27");
    
      script_cve_id("CVE-2008-0668");
      script_xref(name:"FEDORA", value:"2008-1403");
    
      script_name(english:"Fedora 8 : gnumeric-1.6.3-14.fc8 (2008-1403)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fix integer overflow and signedness errors in XLS processing
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=431226"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2008-February/007608.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1fc89818"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gnumeric package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_cwe_id(189);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gnumeric");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:8");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2008/02/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2008/02/11");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 8.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC8", reference:"gnumeric-1.6.3-14.fc8")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnumeric");
    }
    
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2008-056.NASL
    descriptionA vulnerability was found in the excel_read_HLINK function in the Microsoft Excel plugin in Gnumeric prior to version 1.8.1 that would allow for the execution of arbitrary code via a crafted XLS file containing XLS HLINK opcodes. The updated packages have been patched to correct this issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id37027
    published2009-04-23
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/37027
    titleMandriva Linux Security Advisory : gnumeric (MDVSA-2008:056)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_GNUMERIC-5393.NASL
    descriptionSpecially crafed xls files could trigger integer overflows in gnumeric that could potentially be exploited to execute arbitrary code (CVE-2008-0668).
    last seen2020-06-01
    modified2020-06-02
    plugin id33559
    published2008-07-23
    reporterThis script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/33559
    titleopenSUSE 10 Security Update : gnumeric (gnumeric-5393)