Oracle Linux 8:libreoffice (ELSA-2020-1598)
critical Nessus 插件 ID 180688
语言:
简介
远程 Oracle Linux 主机缺少一个或多个安全更新。描述
远程 Oracle Linux 8 主机上安装的程序包受到 ELSA-2020-1598 公告中提及的多个漏洞的影响。- LibreOffice 具有“隐藏模式”,在该模式中,只有被视为“可信”位置中的文档可以检索远程资源。此模式不是默认模式,但可由想要禁用 LibreOffice 在文档中包含远程资源的用户启用。存在一个缺陷,即项目符号被版本 6.2.5 之前的此项保护遗漏。此问题影响以下版本:6.2.5 之前的 Document Foundation LibreOffice 版本。(CVE-2019-9849)
- LibreOffice 通常与 LibreLogo 捆绑,后者是可编程的 turtle 向量图形脚本,可执行启动该脚本的文档中包含的任意 python 命令。LibreOffice 还有一项功能,即其中的文档可以指定可在各种文档脚本事件(例如 mouse-over 等)上执行的预安装脚本。已添加保护以解决 CVE-2019-9848,进而阻止通过脚本事件处理程序调用 LibreLogo。然而,LibreOffice 中的 url 验证不足漏洞允许恶意绕过该保护,并且会再次触发通过脚本事件处理程序对 LibreLogo 的调用。此问题影响以下版本:6.2.6 之前的 Document Foundation LibreOffice 版本。(CVE-2019-9850)
- LibreOffice 通常与 LibreLogo 捆绑,后者是可编程的 turtle 向量图形脚本,可执行启动该脚本的文档中包含的任意 python 命令。已添加保护以解决 CVE-2019-9848,进而阻止通过文档事件处理程序(例如鼠标悬停)调用 LibreLogo。
但 LibreOffice 还有一项功能,即其中的文档可以指定可在各种全局文档脚本事件(例如 document-open 等)上执行的预安装脚本。在已修复的版本中,全局脚本事件处理程序经过验证,与文档脚本事件处理程序具有同等有效性。此问题影响以下版本:
6.2.6 之前的 Document Foundation LibreOffice 版本。(CVE-2019-9851)
- LibreOffice 具有一项功能,即其中的文档可以指定可在各种脚本事件(例如 mouse-over、document-open 等)上执行的预安装宏。预计只可以访问安装于 LibreOffice 的 share/Scripts/python 和 /user/Scripts/python 子目录下的脚本。已添加保护以解决 CVE-2019-9852,从而避免目录遍历攻击,此攻击可通过使用 URL 编码攻击破解路径验证步骤,进而在文件系统的任意位置执行脚本。但攻击者可利用 LibreOffice 直接通过传入路径的组件(而不是仅从路径验证步骤已审查的输出)组装最终脚本 URL 位置的方式中的缺陷绕过保护。此问题影响以下版本:6.2.7 之前的 Document Foundation LibreOffice 6.2 版本;6.3.1 之前的 6.3 版本。(CVE-2019-9854)
- LibreOffice 具有一项功能,即其中的文档可以指定可在各种脚本事件(例如 mouse-over、document-open 等)上执行的预安装宏。预计只可以访问安装于 LibreOffice 的 share/Scripts/python 和 /user/Scripts/python 子目录下的脚本。已添加保护以解决 CVE-2018-16858,从而避免目录遍历攻击,即在文件系统的任意位置执行脚本。但是,URL 编码攻击可能会绕过这项新保护。已修复的版本对描述脚本位置的解析 URL 进行了正确编码,以便随后继续处理。此问题影响以下版本:6.2.6 之前的 Document Foundation LibreOffice 版本。
(CVE-2019-9852)
- LibreOffice 文档可包含宏。这些宏的执行方式由文档安全设置控制,通常是在默认情况下阻断宏的执行。处理和分类文档内宏的 URL 的方式中存在一个 URL 解码缺陷,可能会导致构建文档以便宏执行绕过安全设置。已正确检测到这些文档包含宏,并提示用户文档中存在宏,但文档中的宏随后不受安全设置的控制,从而允许执行任意宏。此问题影响:6.2.7 之前的 LibreOffice 6.2 系列;
6.3.1 之前的 LibreOffice 6.3 系列。(CVE-2019-9853)
请注意,Nessus 尚未测试这些问题,而是只依据应用程序自我报告的版本号进行判断。
解决方案
更新受影响的程序包。另见
插件详情
严重性: Critical
ID: 180688
文件名: oraclelinux_ELSA-2020-1598.nasl
版本: 1.1
类型: local
代理: unix
发布时间: 2023/9/7
最近更新时间: 2023/9/8
支持的传感器: Frictionless Assessment Agent, Nessus Agent, Nessus
风险信息
VPR
风险因素: High
分数: 8.4
CVSS v2
风险因素: High
基本分数: 7.5
时间分数: 6.2
矢量: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 分数来源: CVE-2019-9851
CVSS v3
风险因素: Critical
基本分数: 9.8
时间分数: 9.1
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:F/RL:O/RC:C
漏洞信息
CPE: p-cpe:/a:oracle:linux:libreoffice-help-sl, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:autocorr-af, p-cpe:/a:oracle:linux:autocorr-bg, p-cpe:/a:oracle:linux:autocorr-ca, p-cpe:/a:oracle:linux:autocorr-cs, p-cpe:/a:oracle:linux:autocorr-da, p-cpe:/a:oracle:linux:autocorr-de, p-cpe:/a:oracle:linux:autocorr-en, p-cpe:/a:oracle:linux:autocorr-es, p-cpe:/a:oracle:linux:autocorr-fa, p-cpe:/a:oracle:linux:autocorr-fi, p-cpe:/a:oracle:linux:autocorr-fr, p-cpe:/a:oracle:linux:autocorr-ga, p-cpe:/a:oracle:linux:autocorr-hr, p-cpe:/a:oracle:linux:autocorr-hu, p-cpe:/a:oracle:linux:autocorr-is, p-cpe:/a:oracle:linux:autocorr-it, p-cpe:/a:oracle:linux:autocorr-ja, p-cpe:/a:oracle:linux:autocorr-ko, p-cpe:/a:oracle:linux:autocorr-lb, p-cpe:/a:oracle:linux:autocorr-lt, p-cpe:/a:oracle:linux:autocorr-mn, p-cpe:/a:oracle:linux:autocorr-nl, p-cpe:/a:oracle:linux:autocorr-pl, p-cpe:/a:oracle:linux:autocorr-pt, p-cpe:/a:oracle:linux:autocorr-ro, p-cpe:/a:oracle:linux:autocorr-ru, p-cpe:/a:oracle:linux:autocorr-sk, p-cpe:/a:oracle:linux:autocorr-sl, p-cpe:/a:oracle:linux:autocorr-sr, p-cpe:/a:oracle:linux:autocorr-sv, p-cpe:/a:oracle:linux:autocorr-tr, p-cpe:/a:oracle:linux:autocorr-vi, p-cpe:/a:oracle:linux:autocorr-zh, p-cpe:/a:oracle:linux:libreoffice-base, p-cpe:/a:oracle:linux:libreoffice-calc, p-cpe:/a:oracle:linux:libreoffice-core, p-cpe:/a:oracle:linux:libreoffice-data, p-cpe:/a:oracle:linux:libreoffice-draw, p-cpe:/a:oracle:linux:libreoffice-emailmerge, p-cpe:/a:oracle:linux:libreoffice-filters, p-cpe:/a:oracle:linux:libreoffice-help-bg, p-cpe:/a:oracle:linux:libreoffice-help-bn, p-cpe:/a:oracle:linux:libreoffice-help-ca, p-cpe:/a:oracle:linux:libreoffice-help-cs, p-cpe:/a:oracle:linux:libreoffice-help-da, p-cpe:/a:oracle:linux:libreoffice-help-de, p-cpe:/a:oracle:linux:libreoffice-help-dz, p-cpe:/a:oracle:linux:libreoffice-help-el, p-cpe:/a:oracle:linux:libreoffice-help-en, p-cpe:/a:oracle:linux:libreoffice-help-es, p-cpe:/a:oracle:linux:libreoffice-help-et, p-cpe:/a:oracle:linux:libreoffice-help-eu, p-cpe:/a:oracle:linux:libreoffice-help-fi, p-cpe:/a:oracle:linux:libreoffice-help-fr, p-cpe:/a:oracle:linux:libreoffice-help-gl, p-cpe:/a:oracle:linux:libreoffice-help-gu, p-cpe:/a:oracle:linux:libreoffice-help-he, p-cpe:/a:oracle:linux:libreoffice-help-hi, p-cpe:/a:oracle:linux:libreoffice-help-hr, p-cpe:/a:oracle:linux:libreoffice-help-hu, p-cpe:/a:oracle:linux:libreoffice-help-id, p-cpe:/a:oracle:linux:libreoffice-help-it, p-cpe:/a:oracle:linux:libreoffice-help-sv, p-cpe:/a:oracle:linux:libreoffice-help-ta, p-cpe:/a:oracle:linux:libreoffice-help-tr, p-cpe:/a:oracle:linux:libreoffice-help-uk, p-cpe:/a:oracle:linux:libreoffice-help-zh-hans, p-cpe:/a:oracle:linux:libreoffice-help-zh-hant, p-cpe:/a:oracle:linux:libreoffice-impress, p-cpe:/a:oracle:linux:libreoffice-langpack-af, p-cpe:/a:oracle:linux:libreoffice-langpack-ar, p-cpe:/a:oracle:linux:libreoffice-langpack-as, p-cpe:/a:oracle:linux:libreoffice-langpack-bg, p-cpe:/a:oracle:linux:libreoffice-langpack-bn, p-cpe:/a:oracle:linux:libreoffice-langpack-br, p-cpe:/a:oracle:linux:libreoffice-sdk-doc, p-cpe:/a:oracle:linux:libreoffice-ure, p-cpe:/a:oracle:linux:libreoffice-ure-common, p-cpe:/a:oracle:linux:libreoffice-wiki-publisher, p-cpe:/a:oracle:linux:libreoffice-writer, p-cpe:/a:oracle:linux:libreoffice-x11, p-cpe:/a:oracle:linux:libreoffice-xsltfilter, p-cpe:/a:oracle:linux:libreofficekit, p-cpe:/a:oracle:linux:libreoffice-gdb-debug-support, p-cpe:/a:oracle:linux:libreoffice-graphicfilter, p-cpe:/a:oracle:linux:libreoffice-gtk2, p-cpe:/a:oracle:linux:libreoffice-gtk3, p-cpe:/a:oracle:linux:libreoffice-help-ar, p-cpe:/a:oracle:linux:libreoffice-help-ja, p-cpe:/a:oracle:linux:libreoffice-help-ko, p-cpe:/a:oracle:linux:libreoffice-help-lt, p-cpe:/a:oracle:linux:libreoffice-help-lv, p-cpe:/a:oracle:linux:libreoffice-help-nb, p-cpe:/a:oracle:linux:libreoffice-help-nl, p-cpe:/a:oracle:linux:libreoffice-help-nn, p-cpe:/a:oracle:linux:libreoffice-help-pl, p-cpe:/a:oracle:linux:libreoffice-help-pt-br, p-cpe:/a:oracle:linux:libreoffice-help-pt-pt, p-cpe:/a:oracle:linux:libreoffice-help-ro, p-cpe:/a:oracle:linux:libreoffice-help-ru, p-cpe:/a:oracle:linux:libreoffice-help-si, p-cpe:/a:oracle:linux:libreoffice-help-sk, p-cpe:/a:oracle:linux:libreoffice-langpack-gl, p-cpe:/a:oracle:linux:libreoffice-langpack-gu, p-cpe:/a:oracle:linux:libreoffice-langpack-he, p-cpe:/a:oracle:linux:libreoffice-langpack-hi, p-cpe:/a:oracle:linux:libreoffice-langpack-hr, p-cpe:/a:oracle:linux:libreoffice-langpack-hu, p-cpe:/a:oracle:linux:libreoffice-langpack-id, p-cpe:/a:oracle:linux:libreoffice-langpack-it, p-cpe:/a:oracle:linux:libreoffice-langpack-ja, p-cpe:/a:oracle:linux:libreoffice-langpack-kk, p-cpe:/a:oracle:linux:libreoffice-langpack-kn, p-cpe:/a:oracle:linux:libreoffice-langpack-ko, p-cpe:/a:oracle:linux:libreoffice-langpack-ca, p-cpe:/a:oracle:linux:libreoffice-langpack-cs, p-cpe:/a:oracle:linux:libreoffice-langpack-cy, p-cpe:/a:oracle:linux:libreoffice-langpack-da, p-cpe:/a:oracle:linux:libreoffice-langpack-de, p-cpe:/a:oracle:linux:libreoffice-langpack-dz, p-cpe:/a:oracle:linux:libreoffice-langpack-el, p-cpe:/a:oracle:linux:libreoffice-langpack-en, p-cpe:/a:oracle:linux:libreoffice-langpack-es, p-cpe:/a:oracle:linux:libreoffice-langpack-et, p-cpe:/a:oracle:linux:libreoffice-langpack-eu, p-cpe:/a:oracle:linux:libreoffice-langpack-fa, p-cpe:/a:oracle:linux:libreoffice-langpack-fi, p-cpe:/a:oracle:linux:libreoffice-langpack-fr, p-cpe:/a:oracle:linux:libreoffice-langpack-ga, p-cpe:/a:oracle:linux:libreoffice-langpack-lt, p-cpe:/a:oracle:linux:libreoffice-langpack-lv, p-cpe:/a:oracle:linux:libreoffice-langpack-mai, p-cpe:/a:oracle:linux:libreoffice-langpack-ml, p-cpe:/a:oracle:linux:libreoffice-langpack-mr, p-cpe:/a:oracle:linux:libreoffice-langpack-nb, p-cpe:/a:oracle:linux:libreoffice-langpack-nl, p-cpe:/a:oracle:linux:libreoffice-langpack-nn, p-cpe:/a:oracle:linux:libreoffice-langpack-nr, p-cpe:/a:oracle:linux:libreoffice-langpack-nso, p-cpe:/a:oracle:linux:libreoffice-langpack-or, p-cpe:/a:oracle:linux:libreoffice-langpack-pa, p-cpe:/a:oracle:linux:libreoffice-langpack-pl, p-cpe:/a:oracle:linux:libreoffice-langpack-pt-br, p-cpe:/a:oracle:linux:libreoffice-langpack-pt-pt, p-cpe:/a:oracle:linux:libreoffice-langpack-ro, p-cpe:/a:oracle:linux:libreoffice-langpack-ru, p-cpe:/a:oracle:linux:libreoffice-langpack-si, p-cpe:/a:oracle:linux:libreoffice-langpack-sk, p-cpe:/a:oracle:linux:libreoffice-langpack-sl, p-cpe:/a:oracle:linux:libreoffice-langpack-sr, p-cpe:/a:oracle:linux:libreoffice-langpack-ss, p-cpe:/a:oracle:linux:libreoffice-langpack-st, p-cpe:/a:oracle:linux:libreoffice-langpack-sv, p-cpe:/a:oracle:linux:libreoffice-langpack-ta, p-cpe:/a:oracle:linux:libreoffice-langpack-te, p-cpe:/a:oracle:linux:libreoffice-langpack-th, p-cpe:/a:oracle:linux:libreoffice-langpack-tn, p-cpe:/a:oracle:linux:libreoffice-langpack-tr, p-cpe:/a:oracle:linux:libreoffice-langpack-ts, p-cpe:/a:oracle:linux:libreoffice-langpack-uk, p-cpe:/a:oracle:linux:libreoffice-langpack-ve, p-cpe:/a:oracle:linux:libreoffice-langpack-xh, p-cpe:/a:oracle:linux:libreoffice-langpack-zh-hans, p-cpe:/a:oracle:linux:libreoffice-langpack-zh-hant, p-cpe:/a:oracle:linux:libreoffice-langpack-zu, p-cpe:/a:oracle:linux:libreoffice-math, p-cpe:/a:oracle:linux:libreoffice-ogltrans, p-cpe:/a:oracle:linux:libreoffice-opensymbol-fonts, p-cpe:/a:oracle:linux:libreoffice-pdfimport, p-cpe:/a:oracle:linux:libreoffice-pyuno, p-cpe:/a:oracle:linux:libreoffice-sdk
必需的 KB 项: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
可利用: true
易利用性: Exploits are available
补丁发布日期: 2020/5/5
漏洞发布日期: 2019/7/17
可利用的方式
Core Impact
参考资料信息
CVE: CVE-2019-9849, CVE-2019-9850, CVE-2019-9851, CVE-2019-9852, CVE-2019-9853, CVE-2019-9854