certfr_avis - certfr-2019-avi-047

CERTFR-2019-AVI-047

Vulnerability from certfr_avis

Une vulnérabilité a été découverte dans LibreOffice. Elle permet à un attaquant de provoquer une exécution de code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Libreoffice	LibreOffice	LibreOffice versions antérieures à 6.0.7 et 6.1.3

References

Title

Publication Time

CVE-2018-16858 (GCVE-0-2018-16858)

Vulnerability from cvelistv5

Published

2019-03-25 17:43

Modified

2024-08-05 10:32

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-356

Summary

It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location.

References

URL

Tags

	https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html	x_refsource_MISC
	http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec	x_refsource_MISC
	https://www.exploit-db.com/exploits/46727/	exploit, x_refsource_EXPLOIT-DB
	https://access.redhat.com/errata/RHSA-2019:2130	vendor-advisory, x_refsource_REDHAT
	https://seclists.org/bugtraq/2019/Aug/28	mailing-list, x_refsource_BUGTRAQ
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	libreoffice	Version: 6.0.7 Version: 6.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:32:54.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"
          },
          {
            "name": "46727",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46727/"
          },
          {
            "name": "RHSA-2019:2130",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2130"
          },
          {
            "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Aug/28"
          },
          {
            "name": "openSUSE-SU-2019:1929",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "libreoffice",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "6.0.7"
            },
            {
              "status": "affected",
              "version": "6.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-356",
              "description": "CWE-356",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-18T15:06:07",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"
        },
        {
          "name": "46727",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46727/"
        },
        {
          "name": "RHSA-2019:2130",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2130"
        },
        {
          "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Aug/28"
        },
        {
          "name": "openSUSE-SU-2019:1929",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-16858",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "libreoffice",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0.7"
                          },
                          {
                            "version_value": "6.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "[UNKNOWN]"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that libreoffice before versions 6.0.7 and 6.1.3 was vulnerable to a directory traversal attack which could be used to execute arbitrary macros bundled with a document. An attacker could craft a document, which when opened by LibreOffice, would execute a Python method from a script in any arbitrary file system location, specified relative to the LibreOffice install location."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.8/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-356"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/",
              "refsource": "MISC",
              "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2018-16858/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16858"
            },
            {
              "name": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152560/LibreOffice-Macro-Code-Execution.html"
            },
            {
              "name": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec",
              "refsource": "MISC",
              "url": "http://www.rapid7.com/db/modules/exploit/multi/fileformat/libreoffice_macro_exec"
            },
            {
              "name": "46727",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46727/"
            },
            {
              "name": "RHSA-2019:2130",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2130"
            },
            {
              "name": "20190815 [SECURITY] [DSA 4501-1] libreoffice security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Aug/28"
            },
            {
              "name": "openSUSE-SU-2019:1929",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00059.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-16858",
    "datePublished": "2019-03-25T17:43:08",
    "dateReserved": "2018-09-11T00:00:00",
    "dateUpdated": "2024-08-05T10:32:54.146Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted