English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 92446 CVE descriptions
and 51095 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.61783
Category:Debian Local Security Checks
Title:Debian Security Advisory DSA 1661-1 (openoffice.org)
Summary:Debian Security Advisory DSA 1661-1 (openoffice.org)
Description:Description:
The remote host is missing an update to openoffice.org
announced via advisory DSA 1661-1.

Several vulnerabilities have been discovered in the OpenOffice.org
office suite:

CVE-2008-2237

The SureRun Security team discovered a bug in the WMF file parser
that can be triggered by manipulated WMF files and can lead to
heap overflows and arbitrary code execution.

CVE-2008-2238

An anonymous researcher working with the iDefense discovered a bug
in the EMF file parser that can be triggered by manipulated EMF
files and can lead to heap overflows and arbitrary code execution.

For the stable distribution (etch) these problems have been fixed in
version 2.0.4.dfsg.2-7etch6.

For the unstable distribution (sid) these problems have been fixed in
version 2.4.1-12.

For the experimental distribution these problems have been fixed in
version 3.0.0~
rc3-1.

We recommend that you upgrade your OpenOffice.org package.

Solution:
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201661-1

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-2237
Debian Security Information: DSA-1661 (Google Search)
http://www.debian.org/security/2008/dsa-1661
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00905.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00923.html
http://security.gentoo.org/glsa/glsa-200812-13.xml
http://www.redhat.com/support/errata/RHSA-2008-0939.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-242627-1
SuSE Security Announcement: SUSE-SR:2008:026 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://www.ubuntu.com/usn/usn-677-2
http://www.ubuntu.com/usn/usn-677-1
BugTraq ID: 31962
http://www.securityfocus.com/bid/31962
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10784
http://secunia.com/advisories/32463
http://secunia.com/advisories/32856
http://www.vupen.com/english/advisories/2008/2947
http://www.vupen.com/english/advisories/2008/3103
http://www.securitytracker.com/id?1021120
http://secunia.com/advisories/32419
http://secunia.com/advisories/32461
http://secunia.com/advisories/32489
http://secunia.com/advisories/32676
http://secunia.com/advisories/32872
http://secunia.com/advisories/33140
XForce ISS Database: openoffice-wmf-bo(46165)
http://xforce.iss.net/xforce/xfdb/46165
Common Vulnerability Exposure (CVE) ID: CVE-2008-2238
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=750
http://sunsolve.sun.com/search/document.do?assetkey=1-26-243226-1
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10849
http://www.vupen.com/english/advisories/2008/3153
http://www.securitytracker.com/id?1021121
XForce ISS Database: openoffice-emf-file-bo(46166)
http://xforce.iss.net/xforce/xfdb/46166
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 51095 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2016 E-Soft Inc. All rights reserved.