CVE-2017-12608 - Out-of-bounds Write vulnerability in multiple products

CVSS 7.8 - HIGH

  • Attack vector: LOCAL
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: local, low complexity, apache, debian, CWE-787, nessus

Summary

A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DLA-1214.NASL
    description: Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened. For Debian 7
    last seen: 2020-03-17
    modified: 2017-12-21
    plugin id: 105395
    published: 2017-12-21
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/105395
    title: Debian DLA-1214-1 : libreoffice security update
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DLA-1214-1. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105395);
      script_version("3.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2017-12607", "CVE-2017-12608");
    
      script_name(english:"Debian DLA-1214-1 : libreoffice security update");
      script_summary(english:"Checks dpkg output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Marcin Noga discovered two vulnerabilities in LibreOffice, which could
    result in the execution of arbitrary code if a malformed PPT or DOC
    document is opened.
    
    For Debian 7 'Wheezy', these problems have been fixed in version
    1:3.5.4+dfsg2-0+deb7u10.
    
    We recommend that you upgrade your libreoffice packages.
    
    NOTE: Tenable Network Security has extracted the preceding description
    block directly from the DLA security advisory. Tenable has attempted
    to automatically clean and format it as much as possible without
    introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://lists.debian.org/debian-lts-announce/2017/12/msg00017.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/wheezy/libreoffice"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fonts-opensymbol");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-base-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-calc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dbg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-dev-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-draw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-emailmerge");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-evolution");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-filter-binfilter");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-filter-mobiledev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gcj");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gtk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-gtk3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-dz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-en-gb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-en-us");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-om");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-pt-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-zh-cn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-help-zh-tw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-impress");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-java-common");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-kde");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-as");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-cy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-dz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-gb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-en-za");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-eo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-gu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ka");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ku");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ml");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-mr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nb");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ne");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-nso");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-oc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-om");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-or");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pa-in");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-pt-br");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-rw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-si");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ss");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-st");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-te");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ts");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-uz");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-ve");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-xh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-za");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-cn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zh-tw");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-l10n-zu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-math");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-mysql-connector");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-officebean");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-ogltrans");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-pdfimport");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-presentation-minimizer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-presenter-console");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-report-builder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-report-builder-bin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-bsh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-js");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-script-provider-python");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-sdbc-postgresql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-crystal");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-galaxy");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-hicontrast");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-oxygen");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-style-tango");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-wiki-publisher");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libreoffice-writer");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:openoffice.org-dtd-officedocument1.0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-uno");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python3-uno");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ttf-opensymbol");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/12/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"7.0", prefix:"fonts-opensymbol", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-base", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-base-core", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-calc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-common", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-core", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-dbg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-dev", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-dev-doc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-draw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-emailmerge", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-evolution", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-filter-binfilter", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-filter-mobiledev", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-gcj", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-gnome", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-gtk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-gtk3", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-ca", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-cs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-da", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-de", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-dz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-el", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-en-gb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-en-us", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-es", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-et", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-eu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-fi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-fr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-gl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-hi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-hu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-it", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-ja", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-km", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-ko", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-nl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-om", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-pl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-pt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-pt-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-ru", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-sk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-sl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-sv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-zh-cn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-help-zh-tw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-impress", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-java-common", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-kde", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-af", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ar", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-as", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ast", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-be", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-bs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ca", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-cs", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-cy", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-da", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-de", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-dz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-el", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-en-gb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-en-za", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-eo", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-es", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-et", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-eu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fa", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-fr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ga", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-gl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-gu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-he", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-hu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-id", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-in", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-is", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-it", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ja", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ka", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-km", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ko", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ku", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-lt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-lv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ml", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-mr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nb", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ne", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-nso", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-oc", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-om", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-or", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pa-in", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pt", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-pt-br", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ro", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ru", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-rw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-si", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sl", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ss", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-st", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-sv", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ta", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-te", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tg", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-th", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-tr", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ts", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ug", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-uk", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-uz", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-ve", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-vi", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-xh", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-za", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zh-cn", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zh-tw", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-l10n-zu", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-math", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-mysql-connector", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-officebean", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-ogltrans", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-pdfimport", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-presentation-minimizer", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-presenter-console", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-report-builder", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-report-builder-bin", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-bsh", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-js", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-script-provider-python", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-sdbc-postgresql", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-style-crystal", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-style-galaxy", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-style-hicontrast", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-style-oxygen", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-style-tango", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-wiki-publisher", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"libreoffice-writer", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"openoffice.org-dtd-officedocument1.0", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"python-uno", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"python3-uno", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    if (deb_check(release:"7.0", prefix:"ttf-opensymbol", reference:"1:3.5.4+dfsg2-0+deb7u10")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-3472-1.NASL
    description: Marcin Noga discovered that LibreOffice incorrectly handled PPT documents. If a user were tricked into opening a specially crafted PPT document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12607) Marcin Noga discovered that LibreOffice incorrectly handled Word documents. If a user were tricked into opening a specially crafted Word document, a remote attacker could cause LibreOffice to crash, and possibly execute arbitrary code. (CVE-2017-12608). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104377
    published: 2017-11-03
    reporter: Ubuntu Security Notice (C) 2017-2019 Canonical, Inc. / NASL script (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104377
    title: Ubuntu 14.04 LTS : libreoffice vulnerabilities (USN-3472-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-4022.NASL
    description: Marcin Noga discovered two vulnerabilities in LibreOffice, which could result in the execution of arbitrary code if a malformed PPT or DOC document is opened.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104465
    published: 2017-11-09
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104465
    title: Debian DSA-4022-1 : libreoffice - security update
  • NASL family: Windows
    NASL id: OPENOFFICE_414.NASL
    description: The version of Apache OpenOffice installed on the remote host is a version prior to 4.1.4. It is, therefore, affected by multiple Out-of-Bounds vulnerabilities and a file disclosure vulnerability in Calc/Writer.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104351
    published: 2017-11-02
    reporter: This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104351
    title: Apache OpenOffice < 4.1.4 Multiple Vulnerabilities
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_27229C67B8FF11E79F79AC9E174BE3AF.NASL
    description: The Apache OpenOffice project reports : CVE-2017-3157: Arbitrary file disclosure in Calc and Writer By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 104162
    published: 2017-10-26
    reporter: This script is Copyright (C) 2017-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104162
    title: FreeBSD : Apache OpenOffice -- multiple vulnerabilities (27229c67-b8ff-11e7-9f79-ac9e174be3af)

Seebug

bulletinFamily: exploit
description:

### Summary

An exploitable out-of-bounds write vulnerability exists in the WW8RStyle::ImportOldFormatStyles functionality of Apache OpenOffice 4.1.3. A specially crafted doc file can cause an out-of-bounds write resulting in arbitrary code execution. An attacker can send or provide a malicious doc file to trigger this vulnerability.

### Tested Versions

Apache OpenOffice 4.1.3

### Product URLs

http://www.openoffice.org/

### CVSSv3 Score

8.3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

### CWE

CWE-787 - Out-of-bounds Write

### Details

This vulnerability is present in Apache OpenOffice (formerly OpenOffice.org), a free open source office suite. A specially crafted DOC file can lead to an out-of-bounds write and ultimately to remote code execution. Let's investigate this vulnerability. After opening Writer with a malformed doc file we see the following state:

```
gdb-peda$ context
[----------------------------------registers-----------------------------------]
EAX: 0xab73dffc --> 0x0
EBX: 0xab90d3fc --> 0x15ecc8
ECX: 0xbfffd0d8 --> 0xab73849c --> 0x106
EDX: 0xb6c ('l\x0b')
ESI: 0xb6c ('l\x0b')
EDI: 0xbfffd0d8 --> 0xab73849c --> 0x106
EBP: 0xbfffd138 --> 0xbfffd158 --> 0xbfffd1a8 --> 0xbfffd3e8 --> 0xbfffd6a8 (0xbfffd738)
ESP: 0xbfffd050 --> 0xb7fff000 --> 0x23f3c
EIP: 0xab887c90 (mov BYTE PTR [eax+0x4],0x0)
EFLAGS: 0x210286 (carry PARITY adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xab887c87: mov eax,edi
   0xab887c89: mov edx,esi
   0xab887c8b: call 0xab886212
=> 0xab887c90: mov BYTE PTR [eax+0x4],0x0
   0xab887c94: mov al,BYTE PTR [ebp-0x10]
   0xab887c97: mov BYTE PTR [ebp-0xd1],al
   0xab887c9d: inc al
   0xab887c9f: je 0xab887d2c
[------------------------------------stack-------------------------------------]
0000| 0xbfffd050 --> 0xb7fff000 --> 0x23f3c
0004| 0xbfffd054 --> 0x82587d8 --> 0xab7ae000 --> 0x464c457f
0008| 0xbfffd058 --> 0xbfffd070 --> 0x20001
0012| 0xbfffd05c --> 0xab7b875e ("_ZN14SvxLRSpaceItemC1Et")
0016| 0xbfffd060 --> 0x0
0020| 0xbfffd064 --> 0xffd104
0024| 0xbfffd068 --> 0xb7837c7b (<__pthread_mutex_unlock_usercnt+11>: add edi,0x10385)
0028| 0xbfffd06c --> 0xb7fd0af8 --> 0x1bf974
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
gdb-peda$ bt
#0 0xab887c90 in ?? () from /opt/openoffice4/program/libmsword.so
#1 0xab888507 in ?? () from /opt/openoffice4/program/libmsword.so
#2 0xab88d9a3 in ?? () from /opt/openoffice4/program/libmsword.so
#3 0xab876b17 in ?? () from /opt/openoffice4/program/libmsword.so
#4 0xab8786ec in ?? () from /opt/openoffice4/program/libmsword.so
#5 0xab878a8b in ?? () from /opt/openoffice4/program/libmsword.so
#6 0xab879f9a in ?? () from /opt/openoffice4/program/libmsword.so
#7 0xac162c7b in ?? () from /opt/openoffice4/program/../program/libsw.so
#8 0xac21c730 in ?? () from /opt/openoffice4/program/../program/libsw.so
#9 0xb7408b73 in SfxObjectShell::DoLoad(SfxMedium*) () from /opt/openoffice4/program/libsfx.so
#10 0xb7434353 in SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /opt/openoffice4/program/libsfx.so
#11 0xb749aaa4 in ?? () from /opt/openoffice4/program/libsfx.so
#12 0xb4e0c621 in ?? () from /opt/openoffice4/program/libfwk.so
#13 0xb4e0cf19 in ?? () from /opt/openoffice4/program/libfwk.so
#14 0xb4dbec7a in ?? () from /opt/openoffice4/program/libfwk.so
#15 0xb4dbeec4 in ?? () from /opt/openoffice4/program/libfwk.so
#16 0xb77b7715 in comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, long, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&) () from /opt/openoffice4/program/libcomphelpgcc3.so
#17 0xb7dd9bf4 in ?? () from /opt/openoffice4/program/libsofficeapp.so
#18 0xb7de2a92 in ?? () from /opt/openoffice4/program/libsofficeapp.so
#19 0xb7dc61cd in ?? () from /opt/openoffice4/program/libsofficeapp.so
#20 0xb7dc650b in ?? () from /opt/openoffice4/program/libsofficeapp.so
#21 0xb7dc65b3 in ?? () from /opt/openoffice4/program/libsofficeapp.so
#22 0xb64784dd in ?? () from /opt/openoffice4/program/libvcl.so
#23 0xb66dd92e in ?? () from /opt/openoffice4/program/libvcl.so
#24 0xb2fb7de9 in ?? () from /opt/openoffice4/program/libvclplug_gen.so
#25 0xb2fc3b52 in SalDisplay::DispatchInternalEvent() () from /opt/openoffice4/program/libvclplug_gen.so
#26 0xb3074fa9 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so
#27 0xb3074fd8 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so
#28 0xb2d82610 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#29 0xb2d85d9b in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#30 0xb2d86189 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#31 0xb2d86254 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#32 0xb3074d80 in ?? () from /opt/openoffice4/program/libvclplug_gtk.so
#33 0xb2fcafb9 in X11SalInstance::Yield(bool, bool) () from /opt/openoffice4/program/libvclplug_gen.so
#34 0xb6484ff2 in ?? () from /opt/openoffice4/program/libvcl.so
#35 0xb6481dbe in Application::Yield(bool) () from /opt/openoffice4/program/libvcl.so
#36 0xb6483ccb in Application::Execute() () from /opt/openoffice4/program/libvcl.so
#37 0xb7dc32a0 in ?? () from /opt/openoffice4/program/libsofficeapp.so
#38 0xb6488d8b in ?? () from /opt/openoffice4/program/libvcl.so
#39 0xb6488e79 in SVMain() () from /opt/openoffice4/program/libvcl.so
#40 0xb7de3e10 in soffice_main () from /opt/openoffice4/program/libsofficeapp.so
#41 0x08048c84 in main ()
#42 0xb789a637 in __libc_start_main (main=0xab9bf618, argc=0xab8884df, argv=0xab90d3fc, init=0xab963010, fini=0xbfffd1a8, rtld_fini=0xab88d9a3, stack_end=0xaae2c5a8) at ../csu/libc-start.c:291
```

The write to `eax+0x4` causes an access violation because the destination falls in a mapping that is not writable:

```
gdb-peda$ vmmap $eax+4
Start      End        Perm Name
0xab73e000 0xab795000 r-xp /opt/openoffice4/program/libunoxml.so
```

Let's investigate the vulnerable code:

```
sw\source\filter\ww8\ww8par2.cxx
Line 4462 void WW8RStyle::ImportOldFormatStyles()
          {
          (...)
Line 4474     sal_uInt16 cstcStd;
Line 4475     rSt >> cstcStd;
Line 4476
Line 4477     sal_uInt16 cbName;
Line 4478     rSt >> cbName;
Line 4479     sal_uInt16 nByteCount = 2;
Line 4480     sal_uInt16 stcp=0;
Line 4481     while (nByteCount < cbName)
              {
          (...)
Line 4518         stcp++
              }
          (...)
Line 4521     sal_uInt16 nStyles=stcp;
Line 4522
Line 4523     std::vector<pxoffset> aCHPXOffsets(stcp);
Line 4524     sal_uInt16 cbChpx;
Line 4525     rSt >> cbChpx;
Line 4526     nByteCount = 2;
Line 4527     stcp=0;
Line 4528     std::vector< std::vector<sal_uInt8> > aConvertedChpx;
Line 4529     while (nByteCount < cbChpx)
Line 4530     {
Line 4531         sal_uInt8 cb;
Line 4532         rSt >> cb;
Line 4533         nByteCount++;
Line 4534
Line 4535         aCHPXOffsets[stcp].mnSize = 0;
          (...)
Line 4553         stcp++;
              }
```

At `line 4480` we see that `stcp` is initialized with a 0 value. Next, if the `cbName` value, which is read directly from the file, is not bigger than 2, `stcp` is never increased and keeps its initialized value (0). Based on `stcp`, the `aCHPXOffsets` vector is allocated at `line 4523`. The `cbChpx` value is read directly from the file at `line 4525` and then used as the constraint of a while loop. The loop runs as many times as `cbChpx` indicates, and there is no check of whether `stcp` has grown past the size the vector was allocated with, which leads to an out-of-bounds write at `line 4535`. That situation causes memory corruption and can lead to arbitrary code execution by the attacker.

Values for significant variables are coming from offset 0xFF:

```
Offset      0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F
000000F0                                                09   .
00000100   00 00 00 00 88 88 00 05                          ....ˆˆ..

cstcStd = WORD 09 00
cbName  = WORD 00 00
cbChpx  = WORD 88 88
```

### Crash Information

```
gdb-peda$ context
[----------------------------------registers-----------------------------------]
EAX: 0xab73dffc --> 0x0
EBX: 0xab90d3fc --> 0x15ecc8
ECX: 0xbfffd0d8 --> 0xab73849c --> 0x106
EDX: 0xb6c ('l\x0b')
ESI: 0xb6c ('l\x0b')
EDI: 0xbfffd0d8 --> 0xab73849c --> 0x106
EBP: 0xbfffd138 --> 0xbfffd158 --> 0xbfffd1a8 --> 0xbfffd3e8 --> 0xbfffd6a8 (0xbfffd738)
ESP: 0xbfffd050 --> 0xb7fff000 --> 0x23f3c
EIP: 0xab887c90 (mov BYTE PTR [eax+0x4],0x0)
EFLAGS: 0x210286 (carry PARITY adjust zero SIGN trap INTERRUPT direction overflow)
[-------------------------------------code-------------------------------------]
   0xab887c87: mov eax,edi
   0xab887c89: mov edx,esi
   0xab887c8b: call 0xab886212
=> 0xab887c90: mov BYTE PTR [eax+0x4],0x0
   0xab887c94: mov al,BYTE PTR [ebp-0x10]
   0xab887c97: mov BYTE PTR [ebp-0xd1],al
   0xab887c9d: inc al
   0xab887c9f: je 0xab887d2c
[------------------------------------stack-------------------------------------]
0000| 0xbfffd050 --> 0xb7fff000 --> 0x23f3c
0004| 0xbfffd054 --> 0x82587d8 --> 0xab7ae000 --> 0x464c457f
0008| 0xbfffd058 --> 0xbfffd070 --> 0x20001
0012| 0xbfffd05c --> 0xab7b875e ("_ZN14SvxLRSpaceItemC1Et")
0016| 0xbfffd060 --> 0x0
0020| 0xbfffd064 --> 0xffd104
0024| 0xbfffd068 --> 0xb7837c7b (<__pthread_mutex_unlock_usercnt+11>: add edi,0x10385)
0028| 0xbfffd06c --> 0xb7fd0af8 --> 0x1bf974
[------------------------------------------------------------------------------]
Legend: code, data, rodata, value
Stopped reason: SIGSEGV
gdb-peda$ exploitable -m
Warning: machine string printing is deprecated and may be removed in a future release.
EXCEPTION_FAULTING_ADDRESS:0x000000ab73e000
EXCEPTION_CODE:0xb
FAULTING_INSTRUCTION:mov BYTE PTR [eax+0x4],0x0
MAJOR_HASH:267590b160c1d882cadfa5981b70941e
MINOR_HASH:79312db15af9cfd3ad94d7a16227d7d3
STACK_DEPTH:42
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libmsword.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsw.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsw.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsfx.so!SfxObjectShell::DoLoad(SfxMedium*)+0x0
STACK_FRAME:/opt/openoffice4/program/libsfx.so!SfxBaseModel::load(com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)+0x0
STACK_FRAME:/opt/openoffice4/program/libsfx.so+0x0
STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libfwk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libcomphelpgcc3.so!comphelper::SynchronousDispatch::dispatch(com::sun::star::uno::Reference<com::sun::star::uno::XInterface> const&, rtl::OUString const&, rtl::OUString const&, long, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> const&)+0x0
STACK_FRAME:/opt/openoffice4/program/libcomphelpgcc3.so!comphelper::SynchronousDispatch::dispatch
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so!SalDisplay::DispatchInternalEvent()+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0
STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2+0x0
STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2!g_main_context_dispatch+0x0
STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2+0x0
STACK_FRAME:/lib/i386-linux-gnu/libglib-2.0.so.0.4800.2!g_main_context_iteration+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gtk.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvclplug_gen.so!X11SalInstance::Yield(bool, bool)+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so!Application::Yield(bool)+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so!Application::Execute()+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so+0x0
STACK_FRAME:/opt/openoffice4/program/libvcl.so!SVMain()+0x0
STACK_FRAME:/opt/openoffice4/program/libsofficeapp.so!soffice_main+0x0
STACK_FRAME:/opt/openoffice4/program/soffice.bin!main+0x0
INSTRUCTION_ADDRESS:0x000000ab887c90
INVOKING_STACK_FRAME:0
DESCRIPTION:Access violation on destination operand
SHORT_DESCRIPTION:DestAv (9/29)
OTHER_RULES:AccessViolation (28/29)
CLASSIFICATION:EXPLOITABLE
EXPLANATION:The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value.
Description: Access violation on destination operand
Short description: DestAv (9/29)
Hash: 267590b160c1d882cadfa5981b70941e.79312db15af9cfd3ad94d7a16227d7d3
Exploitability Classification: EXPLOITABLE
Explanation: The target crashed on an access violation at an address matching the destination operand of the instruction. This likely indicates a write access violation, which means the attacker may control the write address and/or value.
Other tags: AccessViolation (28/29)
```

### Timeline

* 2017-04-05 - Vendor Disclosure
* 2017-10-26 - Public Release
id: SSV:96798
last seen: 2017-11-19
modified: 2017-11-06
published: 2017-11-06
reporter: Root
title: Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability (CVE-2017-12608)
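
The missing check described in the Seebug advisory above, shown as an added example that is not OpenOffice code and not the vendor's patch: a bounds-checked walk of the name table and the CHPX table that rejects a `cbChpx` loop running past the number of styles the name table produced. The per-entry layout (one length byte followed by that many bytes, `0xFF` meaning no data), the `Reader`, `ParseStatus` and `ParseResult` types, and both sample buffers are assumptions constructed for illustration.

```cpp
// Added example, not OpenOffice code; entry layouts are simplified assumptions.
#include <cstddef>
#include <cstdint>
#include <vector>

struct PxOffset { std::size_t offset = 0; std::uint8_t size = 0; };
enum class ParseStatus { Ok, Truncated, ChpxExceedsStyles };
struct ParseResult {
    ParseStatus status = ParseStatus::Ok;
    std::uint16_t styles = 0;    // stcp after the name table
    std::vector<PxOffset> chpx;  // plays the role of aCHPXOffsets
};

struct Reader {  // cursor that refuses to read past the end of the buffer
    const std::uint8_t* p; std::size_t n; std::size_t pos;
    bool u8(std::uint8_t& v) { if (pos >= n) return false; v = p[pos++]; return true; }
    bool u16(std::uint16_t& v) {  // little-endian WORD
        std::uint8_t lo = 0, hi = 0;
        if (!u8(lo) || !u8(hi)) return false;
        v = static_cast<std::uint16_t>(lo | (hi << 8));
        return true;
    }
    bool skip(std::size_t k) { if (n - pos < k) return false; pos += k; return true; }
};

ParseResult parse_old_format_styles(const std::uint8_t* data, std::size_t len) {
    ParseResult r;
    Reader in{data, len, 0};
    auto fail = [&r](ParseStatus s) { r.status = s; return r; };
    std::uint16_t cstcStd = 0, cbName = 0, cbChpx = 0;
    if (!in.u16(cstcStd) || !in.u16(cbName)) return fail(ParseStatus::Truncated);
    std::size_t nByteCount = 2;    // each count field includes its own 2 bytes
    while (nByteCount < cbName) {  // entries walked here fix the style count
        std::uint8_t n = 0;
        if (!in.u8(n)) return fail(ParseStatus::Truncated);
        ++nByteCount;
        if (n != 0xFF) {
            if (!in.skip(n)) return fail(ParseStatus::Truncated);
            nByteCount += n;
        }
        ++r.styles;
    }
    r.chpx.resize(r.styles);

    if (!in.u16(cbChpx)) return fail(ParseStatus::Truncated);
    nByteCount = 2;
    std::size_t stcp = 0;
    while (nByteCount < cbChpx) {
        // cbChpx is file-controlled, so check the index before every write.
        if (stcp >= r.chpx.size()) return fail(ParseStatus::ChpxExceedsStyles);
        std::uint8_t cb = 0;
        if (!in.u8(cb)) return fail(ParseStatus::Truncated);
        ++nByteCount;
        r.chpx[stcp].size = 0;
        if (cb != 0xFF) {
            r.chpx[stcp].offset = in.pos;
            r.chpx[stcp].size = cb;
            if (!in.skip(cb)) return fail(ParseStatus::Truncated);
            nByteCount += cb;
        }
        ++stcp;
    }
    return r;
}

// Constructed input carrying the three field values the advisory lists.
ParseResult parse_advisory_values() {
    const std::uint8_t doc[] = {0x09, 0x00, 0x00, 0x00, 0x88, 0x88, 0x00, 0x05};
    return parse_old_format_styles(doc, sizeof doc);
}

// Constructed well-formed input: two names, then two CHPX entries.
ParseResult parse_well_formed() {
    const std::uint8_t doc[] = {0x00, 0x00, 0x05, 0x00, 0x01, 'A', 0xFF,
                                0x06, 0x00, 0x02, 0xAA, 0xBB, 0xFF};
    return parse_old_format_styles(doc, sizeof doc);
}

int main() { return parse_well_formed().status == ParseStatus::Ok ? 0 : 1; }
```

With `cbName` of 0 the style count stays 0, so the first iteration of the `cbChpx` loop is rejected before any element is touched; the same guard also covers documents where the name table yields some styles but `cbChpx` describes more entries than that.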

Talos

id: TALOS-2017-0301
last seen: 2019-05-29
published: 2017-10-26
reporter: Talos Intelligence
source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0301
title: Apache OpenOffice DOC ImportOldFormatStyles Code Execution Vulnerability