
Test ID: 1.3.6.1.4.1.25623.1.0.840576
Category: Ubuntu Local Security Checks
Title: Ubuntu Update for openoffice.org vulnerabilities USN-1056-1
Summary: Ubuntu Update for Linux kernel vulnerabilities USN-1056-1
Description:
Summary:
Ubuntu Update for Linux kernel vulnerabilities USN-1056-1

Vulnerability Insight:
Charlie Miller discovered several heap overflows in PPT processing. If
a user or automated system were tricked into opening a specially crafted
PPT document, a remote attacker could execute arbitrary code with user
privileges. Ubuntu 10.10 was not affected. (CVE-2010-2935, CVE-2010-2936)

Marc Schoenefeld discovered that directory traversal was not correctly
handled in XSLT, OXT, JAR, or ZIP files. If a user or automated system
were tricked into opening a specially crafted document, a remote attacker
could overwrite arbitrary files, possibly leading to arbitrary code
execution with user privileges. (CVE-2010-3450)

Dan Rosenberg discovered multiple heap overflows in RTF and DOC
processing. If a user or automated system were tricked into opening a
specially crafted RTF or DOC document, a remote attacker could execute
arbitrary code with user privileges. (CVE-2010-3451, CVE-2010-3452,
CVE-2010-3453, CVE-2010-3454)

Dmitri Gribenko discovered that OpenOffice.org did not correctly
handle LD_LIBRARY_PATH in various tools. If a local attacker
tricked a user or automated system into using OpenOffice.org from an
attacker-controlled directory, they could execute arbitrary code with
user privileges. (CVE-2010-3689)

Marc Schoenefeld discovered that OpenOffice.org did not correctly process
PNG images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4253)

It was discovered that OpenOffice.org did not correctly process TGA
images. If a user or automated system were tricked into opening a
specially crafted document, a remote attacker could execute arbitrary
code with user privileges. (CVE-2010-4643)

Affected Software/OS:
openoffice.org vulnerabilities on Ubuntu 8.04 LTS,
Ubuntu 9.10,
Ubuntu 10.04 LTS,
Ubuntu 10.10

Solution:
Please install the updated packages.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2010-2935
Debian Security Information: DSA-2099
http://www.debian.org/security/2010/dsa-2099
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:221
http://securityevaluators.com/files/papers/CrashAnalysis.pdf
http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
http://www.openwall.com/lists/oss-security/2010/08/11/1
http://www.openwall.com/lists/oss-security/2010/08/11/4
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12063
http://www.redhat.com/support/errata/RHSA-2010-0643.html
http://www.securitytracker.com/id?1024352
http://www.securitytracker.com/id?1024976
http://secunia.com/advisories/40775
http://secunia.com/advisories/41052
http://secunia.com/advisories/41235
http://secunia.com/advisories/42927
http://secunia.com/advisories/43105
http://secunia.com/advisories/60799
SuSE Security Announcement: SUSE-SR:2010:019
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
SuSE Security Announcement: SUSE-SR:2010:024
http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html
http://ubuntu.com/usn/usn-1056-1
http://www.vupen.com/english/advisories/2010/2003
http://www.vupen.com/english/advisories/2010/2149
http://www.vupen.com/english/advisories/2010/2228
http://www.vupen.com/english/advisories/2010/2905
http://www.vupen.com/english/advisories/2011/0150
http://www.vupen.com/english/advisories/2011/0230
http://www.vupen.com/english/advisories/2011/0279
Common Vulnerability Exposure (CVE) ID: CVE-2010-2936
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12144
Common Vulnerability Exposure (CVE) ID: CVE-2010-3450
BugTraq ID: 46031
http://www.securityfocus.com/bid/46031
Debian Security Information: DSA-2151
http://www.debian.org/security/2011/dsa-2151
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027
http://osvdb.org/70711
http://www.redhat.com/support/errata/RHSA-2011-0181.html
http://www.redhat.com/support/errata/RHSA-2011-0182.html
http://www.securitytracker.com/id?1025002
http://secunia.com/advisories/42999
http://secunia.com/advisories/43065
http://secunia.com/advisories/43118
http://www.vupen.com/english/advisories/2011/0232
Common Vulnerability Exposure (CVE) ID: CVE-2010-3451
http://www.cs.brown.edu/people/drosenbe/research.html
http://www.vsecurity.com/resources/advisory/20110126-1
http://osvdb.org/70712
XForce ISS Database: ooo-rtf-ce(65030)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65030
Common Vulnerability Exposure (CVE) ID: CVE-2010-3452
http://osvdb.org/70713
XForce ISS Database: ooo-oowriter-ce(65031)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65031
Common Vulnerability Exposure (CVE) ID: CVE-2010-3453
http://osvdb.org/70714
Common Vulnerability Exposure (CVE) ID: CVE-2010-3454
http://osvdb.org/70715
Common Vulnerability Exposure (CVE) ID: CVE-2010-3689
http://osvdb.org/70716
http://www.securitytracker.com/id?1025004
Common Vulnerability Exposure (CVE) ID: CVE-2010-4253
http://osvdb.org/70717
Common Vulnerability Exposure (CVE) ID: CVE-2010-4643
http://osvdb.org/70718
XForce ISS Database: ooo-tga-bo(65441)
https://exchange.xforce.ibmcloud.com/vulnerabilities/65441
Copyright: Copyright (c) 2011 Greenbone Networks GmbH
