BID:58636

LibreOffice Update Spoofing Vulnerability

Info

LibreOffice Update Spoofing Vulnerability

Bugtraq ID:	58636
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 21 2013 12:00AM
Updated:	Mar 21 2013 12:00AM
Credit:	Janek Vind
Vulnerable:	LibreOffice LibreOffice 3.5.3 LibreOffice LibreOffice 3.5.2 2 LibreOffice LibreOffice 3.5.1 LibreOffice LibreOffice 4.0.1.2 LibreOffice LibreOffice 4.0.0.3 LibreOffice LibreOffice 3.6.5.2 LibreOffice LibreOffice 3.6.1 LibreOffice LibreOffice 3.6.0 LibreOffice LibreOffice 3.5.7.2 LibreOffice LibreOffice 3.5.7 LibreOffice LibreOffice 3.5.5.3 LibreOffice LibreOffice 3.5.5 LibreOffice LibreOffice 3.5.3

Not Vulnerable:

Discussion

LibreOffice Update Spoofing Vulnerability

LibreOffice is prone to a security vulnerability that may allow attackers to conduct spoofing attacks.

Attackers can exploit this issue to spoof server responses and conduct man-in-the-middle attacks.

LibreOffice versions 3.5.1 through 4.0.1.2 are vulnerable.

Exploit / POC

LibreOffice Update Spoofing Vulnerability

Attackers can use readily available tools to exploit this issue.

Solution / Fix

LibreOffice Update Spoofing Vulnerability

Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

LibreOffice Update Spoofing Vulnerability

References:

[waraxe-2013-SA#099] - Update Spoofing Vulnerability in LibreOffice 4.0.1.2 (Janek Vind)
LibreOffice Homepage (LibreOffice)