CVE-2014-3693
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
Summary
Use-after-free vulnerability in the socket manager of Impress Remote in LibreOffice 4.x before 4.2.7 and 4.3.x before 4.3.3 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request to TCP port 1599.
Vulnerable Configurations
Nessus
NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-201603-05.NASL
description: The remote host is affected by the vulnerability described in GLSA-201603-05 (LibreOffice, OpenOffice: Multiple vulnerabilities) Multiple vulnerabilities were found in both LibreOffice and OpenOffice that allow the remote execution of arbitrary code and potential Denial of Service. These vulnerabilities may be exploited through multiple vectors including crafted documents, link handling, printer setup in ODF document types, DOC file formats, and Calc spreadsheets. Please review the referenced CVE’s for specific information regarding each. Impact : A remote attacker could entice a user to open a specially crafted file using the LibreOffice or OpenOffice suite of software. Execution of these attacks could possibly result in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known work around at this time.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 89811
published: 2016-03-10
reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/89811
title: GLSA-201603-05 : LibreOffice, OpenOffice: Multiple vulnerabilities
code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201603-05.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(89811);
  script_version("2.2");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2014-3524", "CVE-2014-3575", "CVE-2014-3693", "CVE-2014-9093", "CVE-2015-1774", "CVE-2015-4551", "CVE-2015-5212", "CVE-2015-5213", "CVE-2015-5214");
  script_xref(name:"GLSA", value:"201603-05");

  script_name(english:"GLSA-201603-05 : LibreOffice, OpenOffice: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"The remote host is affected by the vulnerability described in
GLSA-201603-05 (LibreOffice, OpenOffice: Multiple vulnerabilities)

Multiple vulnerabilities were found in both LibreOffice and OpenOffice
that allow the remote execution of arbitrary code and potential Denial
of Service. These vulnerabilities may be exploited through multiple
vectors including crafted documents, link handling, printer setup in
ODF document types, DOC file formats, and Calc spreadsheets. Please
review the referenced CVE’s for specific information regarding each.

Impact :

A remote attacker could entice a user to open a specially crafted file
using the LibreOffice or OpenOffice suite of software. Execution of
these attacks could possibly result in the execution of arbitrary code
with the privileges of the process or a Denial of Service condition.

Workaround :

There is no known work around at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201603-05"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"All LibreOffice users should upgrade their respective packages to the
latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose '>=app-office/libreoffice-4.4.2'
  # emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-4.4.2'# emerge --ask --oneshot --verbose '>=app-office/libreoffice-bin-debug-4.4.2'
All OpenOffice users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose '>=app-office/openoffice-bin-4.1.2'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:libreoffice-bin-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/08/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"app-office/libreoffice", unaffected:make_list("ge 4.4.2"), vulnerable:make_list("lt 4.4.2"))) flag++;
if (qpkg_check(package:"app-office/libreoffice-bin", unaffected:make_list("ge 4.4.2"), vulnerable:make_list("lt 4.4.2"))) flag++;
if (qpkg_check(package:"app-office/libreoffice-bin-debug", unaffected:make_list("ge 4.4.2"), vulnerable:make_list("lt 4.4.2"))) flag++;
if (qpkg_check(package:"app-office/openoffice-bin", unaffected:make_list("ge 4.1.2"), vulnerable:make_list("lt 4.1.2"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "LibreOffice / OpenOffice");
}
```

NASL family: Windows
NASL id: LIBREOFFICE_427.NASL
description: A version of LibreOffice is installed on the remote Windows host that is 4.x prior to 4.2.7. It is, therefore, affected by a use-after-free vulnerability related to the Impress Remote socket manager that allows denial of service attacks or arbitrary code execution by means of a specially crafted TCP request that causes already freed memory to be dereferenced. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80079
published: 2014-12-17
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/80079
title: LibreOffice 4.x < 4.2.7 Impress Remote RCE
code:

```
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(80079);
  script_version("1.5");
  script_cvs_date("Date: 2018/11/15 20:50:27");

  script_cve_id("CVE-2014-3693");
  script_bugtraq_id(71351);

  script_name(english:"LibreOffice 4.x < 4.2.7 Impress Remote RCE");
  script_summary(english:"Checks the version of LibreOffice.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains an application that is affected by a
use-after-free memory vulnerability.");
  script_set_attribute(attribute:"description", value:
"A version of LibreOffice is installed on the remote Windows host that
is 4.x prior to 4.2.7. It is, therefore, affected by a use-after-free
vulnerability related to the Impress Remote socket manager that allows
denial of service attacks or arbitrary code execution by means of a
specially crafted TCP request that causes already freed memory to be
dereferenced.

Note that Nessus has not attempted to exploit this issue but has
instead relied only on the application's self-reported version number.");
  script_set_attribute(attribute:"solution", value:"Upgrade to LibreOffice version 4.2.7 (4.2.7.2) or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"see_also", value:"https://www.libreoffice.org/about-us/security/advisories/cve-2014-3693/");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/11/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/10/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/17");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:libreoffice:libreoffice");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");

  script_dependencies("libreoffice_installed.nasl");
  script_require_keys("installed_sw/LibreOffice", "Settings/ParanoidReport");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("install_func.inc");

app_name = "LibreOffice";

if (report_paranoia < 2) audit(AUDIT_PARANOID);

install = get_single_install(app_name:app_name, exit_if_unknown_ver:TRUE);
version = install['version'];
version_ui = install['display_version'];
path = install['path'];

if (
  # 4.0.x / 4.1.x
  version =~ "^4\.[01]($|[^0-9])" ||
  # 4.2.x < 4.2.7
  version =~ "^4\.2\.[0-6]($|[^0-9])" ||
  # 4.2.7 Release is 4.2.7.2
  version =~ "^4\.2\.7\.[01]($|[^0-9])"
)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  if (report_verbosity > 0)
  {
    report =
      '\n Path : ' + path +
      '\n Installed version : ' + version_ui +
      '\n Fixed version : 4.2.7 (4.2.7.2)' +
      '\n';
    security_hole(port:port, extra:report);
  }
  else security_hole(port);
}
else audit(AUDIT_INST_PATH_NOT_VULN, app_name, version_ui, path);
```

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2015-0377.NASL
description: From Red Hat Security Advisory 2015:0377 : Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247) A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. (CVE-2014-3575) A use-after-free flaw was found in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81804
published: 2015-03-13
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81804
title: Oracle Linux 7 : libreoffice (ELSA-2015-0377)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-682.NASL
description: libreoffice was updated to version 4.3.3 to fix two security issues : These security issues were fixed : -
last seen: 2020-06-05
modified: 2014-11-19
plugin id: 79323
published: 2014-11-19
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79323
title: openSUSE Security Update : libreoffice (openSUSE-SU-2014:1443-1)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-2398-1.NASL
description: It was discovered that LibreOffice incorrectly handled the Impress remote control port. An attacker could possibly use this issue to cause Impress to crash, resulting in a denial of service, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78888
published: 2014-11-06
reporter: Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78888
title: Ubuntu 14.04 LTS / 14.10 : libreoffice vulnerability (USN-2398-1)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2014-661.NASL
description: libreoffice was updated to fix two security issues. These security issues were fixed : -
last seen: 2020-06-05
modified: 2014-11-17
plugin id: 79268
published: 2014-11-17
reporter: This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/79268
title: openSUSE Security Update : libreoffice (openSUSE-SU-2014:1412-1)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2015-0377.NASL
description: Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247) A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. (CVE-2014-3575) A use-after-free flaw was found in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81633
published: 2015-03-05
reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81633
title: RHEL 7 : libreoffice (RHSA-2015:0377)

NASL family: SuSE Local Security Checks
NASL id: SUSE_11_LIBREOFFICE-2014-11-19-141120.NASL
description: LibreOffice was updated to fix two security issues. These security issues have been fixed : -
last seen: 2020-06-05
modified: 2014-12-03
plugin id: 79687
published: 2014-12-03
reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/79687
title: SuSE 11.3 Security Update : LibreOffice (SAT Patch Number 10001)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20150305_LIBREOFFICE_ON_SL7_X.NASL
description: It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247) A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. (CVE-2014-3575) A use-after-free flaw was found in the
last seen: 2020-03-18
modified: 2015-03-26
plugin id: 82256
published: 2015-03-26
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/82256
title: Scientific Linux Security Update : libreoffice on SL7.x x86_64 (20150305)

NASL family: SuSE Local Security Checks
NASL id: OPENSUSE-2016-273.NASL
description: This update for LibreOffice and some library dependencies (cmis-client, libetonyek, libmwaw, libodfgen, libpagemaker, libreoffice-share-linker, mdds, libwps) fixes the following issues : Changes in libreoffice : - Provide l10n-pt from pt-PT - boo#945047 - LO-L3: LO is duplicating master pages, extended fix - boo#951579 - LO-L3: [LibreOffice] Calc 5.0 fails to open ods files - deleted RPATH prevented loading of bundled 3rd party RDF handler libs - Version update to 5.0.4.2 : - Final of the 5.0.4 series - boo#945047 - LO-L3: LO is duplicating master pages - Version update to 5.0.4.1 : - rc1 of 5.0.4 with various regression fixes - boo#954345 - LO-L3: Insert-->Image-->Insert as Link hangs writer - Version update to 5.0.3.2 : - Final tag of 5.0.3 release - Fix boo#939996 - LO-L3: Some bits from DOCX file are not imported - Fix boo#889755 - LO-L3: PPTX: chart axis number format incorrect - boo#679938 - LO-L3: saving to doc file the chapter name in the header does not change with chapters - Version update to 5.0.3RC1 as it should fix i586 test failure - Update text2number extension to 1.5.0 - obsolete libreoffice-mono - pentaho-flow-reporting require is conditional on system_libs - Update icon theme dependencies - https://lists.debian.org/debian-openoffice/2015/09/msg00343.html - Version bump to 5.0.2 final fate#318856 fate#319071 boo#943075 boo#945692 : - Small tweaks compared to rc1 - For sake of completion this release also contains security fixes for boo#910806 CVE-2014-8147, boo#907636 CVE-2014-9093, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-45513, boo#934423 CVE-2015-4551, boo#910805 CVE-2014-8146, boo#940838 CVE-2015-5214, boo#936190 CVE-2015-5213, boo#936188 CVE-2015-5212, boo#934423 CVE-2015-4551 - Use gcc48 to build on sle11sp4 - Make debuginfo
last seen: 2020-06-05
modified: 2016-02-29
plugin id: 89016
published: 2016-02-29
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/89016
title: openSUSE Security Update : LibreOffice and related libraries (openSUSE-2016-273)

NASL family: Windows
NASL id: LIBREOFFICE_433.NASL
description: A version of LibreOffice is installed on the remote Windows host that is 4.3.x prior to 4.3.3. It is, therefore, affected by a use-after-free vulnerability related to the Impress Remote socket manager that allows denial of service attacks or arbitrary code execution by means of a specially crafted TCP request that causes already freed memory to be dereferenced. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80081
published: 2014-12-17
reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/80081
title: LibreOffice 4.3.x < 4.3.3 Impress Remote RCE

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2015-0377.NASL
description: Updated libreoffice packages that fix three security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. LibreOffice is an open source, community-developed office productivity suite. It includes key desktop applications, such as a word processor, a spreadsheet, a presentation manager, a formula editor, and a drawing program. LibreOffice replaces OpenOffice and provides a similar but enhanced and extended office suite. It was found that LibreOffice documents executed macros unconditionally, without user approval, when these documents were opened using LibreOffice. An attacker could use this flaw to execute arbitrary code as the user running LibreOffice by embedding malicious VBA scripts in the document as macros. (CVE-2014-0247) A flaw was found in the OLE (Object Linking and Embedding) generation in LibreOffice. An attacker could use this flaw to embed malicious OLE code in a LibreOffice document, allowing for arbitrary code execution. (CVE-2014-3575) A use-after-free flaw was found in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 81892
published: 2015-03-18
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/81892
title: CentOS 7 : libabw / libcmis / libetonyek / libfreehand / liblangtag / libmwaw / libodfgen / etc (CESA-2015:0377)
References
- https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
- http://secunia.com/advisories/62132
- http://secunia.com/advisories/62111
- http://www.ubuntu.com/usn/USN-2398-1
- http://lists.opensuse.org/opensuse-updates/2014-11/msg00049.html
- http://secunia.com/advisories/62396
- http://rhn.redhat.com/errata/RHSA-2015-0377.html
- http://www.securityfocus.com/bid/71351
- https://security.gentoo.org/glsa/201603-05