SB2020040104 - Red Hat Enterprise Linux 7 update for libreoffice

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020040104

SB2020040104 - Red Hat Enterprise Linux 7 update for libreoffice

Published: April 1, 2020

Security Bulletin ID SB2020040104
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 86% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Code Injection (CVE-ID: CVE-2019-9848)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in LibreLogo component, bundled with LibreOffice application. A remote attacker can create a specially crafted document, trick the victim into opening it and execute arbitrary python code on the target system without displaying any warnings.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Security restrictions bypass (CVE-ID: CVE-2019-9849)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of stealth mode feature, intended as an additional level of security that allows to retrieve online content into document from trusted resources only. A remote attacker can create a specially crafted document with bullet graphics, bypass the intended security restrictions and make the application retrieve data from arbitrary external sources.


3) Input validation error (CVE-ID: CVE-2019-9850)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient patching of URL validation, as described in SB2019071703 #1. A remote attacker can bypass the protection that blocks calling LibreLogo from script event handlers and again trigger this calling.


4) Input validation error (CVE-ID: CVE-2019-9851)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to the affected software mishandles LibreLogo scripts. A remote attacker can persuade a user to open a specially crafted document and execute arbitrary commands on an affected system.


5) Path traversal (CVE-ID: CVE-2019-9852)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to insufficient URL encoding in script location checks. A remote attacker can by persuade a user to open a specially crafted document and execute preinstalled macros on the target system.


6) Input validation error (CVE-ID: CVE-2019-9853)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input when decoding URL in macro location. While documents were correctly detected as containing macros, and prompted the user to their existence within the documents, but macros within the document were subsequently not controlled by the security settings. A remote attacker can create a specially crafted document that once opened will execute arbitrary macro on the system with privileges of the current user.


7) Improper access control (CVE-ID: CVE-2019-9854)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to unsafe URL assembly flaw in allowed script location check. A remote authenticated attacker can execute script in arbitrary locations on the filesystem by employing a URL encoding attack to defeat the path verification step.





Remediation

Install update from vendor's website.

References