Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for enterprise_linux_server_from_rhui_6 by redhat
CVE-2015-3405 (GCVE-0-2015-3405)
Vulnerability from nvd – Published: 2017-08-09 16:00 – Updated: 2024-08-06 05:47
VLAI
Summary
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2015-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3405",
"datePublished": "2017-08-09T16:00:00.000Z",
"dateReserved": "2015-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2665 (GCVE-0-2012-2665)
Vulnerability from nvd – Published: 2012-08-06 18:00 – Updated: 2024-08-06 19:42
VLAI
Summary
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2012-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "GLSA-201209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-05.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826077"
},
{
"name": "DSA-2520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2520"
},
{
"name": "USN-1536-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1536-1"
},
{
"name": "RHSA-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1135.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt"
},
{
"name": "54769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54769"
},
{
"name": "50692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50692"
},
{
"name": "1027332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027332"
},
{
"name": "1027331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027331"
},
{
"name": "50142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50142"
},
{
"name": "USN-1537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1537-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/"
},
{
"name": "50146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-06T17:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "GLSA-201209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-05.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826077"
},
{
"name": "DSA-2520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2520"
},
{
"name": "USN-1536-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1536-1"
},
{
"name": "RHSA-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1135.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt"
},
{
"name": "54769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54769"
},
{
"name": "50692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50692"
},
{
"name": "1027332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027332"
},
{
"name": "1027331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027331"
},
{
"name": "50142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50142"
},
{
"name": "USN-1537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1537-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/"
},
{
"name": "50146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50146"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2665",
"datePublished": "2012-08-06T18:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3405 (GCVE-0-2015-3405)
Vulnerability from cvelistv5 – Published: 2017-08-09 16:00 – Updated: 2024-08-06 05:47
VLAI
Summary
ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
Date Public
2015-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:47:57.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote attackers to obtain the value of generated MD5 keys via a brute force attack with the 93 possible keys."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-28T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2015-5830",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156248.html"
},
{
"name": "RHSA-2015:2231",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2231.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210324"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "DSA-3388",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "SUSE-SU-2015:1173",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00000.html"
},
{
"name": "74045",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/74045"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.ntp.org/show_bug.cgi?id=2797"
},
{
"name": "RHSA-2015:1459",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03886en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bk1.ntp.org/ntp-stable/?PAGE=patch\u0026REV=55199296N2gFqH1Hm5GOnhrk9Ypygg"
},
{
"name": "DSA-3223",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2015/dsa-3223"
},
{
"name": "[oss-security] 20150423 Re: CVE request: ntp-keygen may generate non-random symmetric keys on big-endian systems",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/04/23/14"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3405",
"datePublished": "2017-08-09T16:00:00.000Z",
"dateReserved": "2015-04-23T00:00:00.000Z",
"dateUpdated": "2024-08-06T05:47:57.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2665 (GCVE-0-2012-2665)
Vulnerability from cvelistv5 – Published: 2012-08-06 18:00 – Updated: 2024-08-06 19:42
VLAI
Summary
Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
16 references
Date Public
2012-08-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:42:31.538Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "60799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "GLSA-201209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-05.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826077"
},
{
"name": "DSA-2520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2520"
},
{
"name": "USN-1536-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1536-1"
},
{
"name": "RHSA-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1135.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt"
},
{
"name": "54769",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54769"
},
{
"name": "50692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50692"
},
{
"name": "1027332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027332"
},
{
"name": "1027331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027331"
},
{
"name": "50142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50142"
},
{
"name": "USN-1537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1537-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/"
},
{
"name": "50146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50146"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple heap-based buffer overflows in the XML manifest encryption tag parsing functionality in OpenOffice.org and LibreOffice before 3.5.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Open Document Text (.odt) file with (1) a child tag within an incorrect parent tag, (2) duplicate tags, or (3) a Base64 ChecksumAttribute whose length is not evenly divisible by four."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-06T17:57:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "60799",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "GLSA-201209-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201209-05.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=826077"
},
{
"name": "DSA-2520",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2520"
},
{
"name": "USN-1536-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1536-1"
},
{
"name": "RHSA-2012:1135",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-1135.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-05.txt"
},
{
"name": "54769",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54769"
},
{
"name": "50692",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50692"
},
{
"name": "1027332",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027332"
},
{
"name": "1027331",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027331"
},
{
"name": "50142",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50142"
},
{
"name": "USN-1537-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1537-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2012-2665/"
},
{
"name": "50146",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50146"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2665",
"datePublished": "2012-08-06T18:00:00.000Z",
"dateReserved": "2012-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:42:31.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}