Notification

Icon
Error

LibreOffice Vulnerability Report

Posted: Tuesday, February 5, 2019 4:56:00 PM(UTC)
Esben.D

Esben.D

Member Administration Original PosterPosts: 1,632
1
Like
Hey everybody,

We've released a new blog post regarding the LibreOffice vulnerability. If you're interested in the specifics, I suggest you give it a read.

The report below will give you a color-coded overview of all Windows and Linux assets in your network that are not on the latest release of LibreOffice and should be updated. Please note that this report will only check whether LibreOffice is on the latest stable version at the time of posting.

The report will list assets that meet the following criteria:
  • The asset is a Windows or Linux Asset
  • The asset is Active
  • The asset has software installed which contains LibreOffice in its name
If you have any feedback on the report, feel free to leave it and I'll take a look at it.
Code:
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblSoftwareUni.softwareName Like '%libreoffice%' And
      (tblSoftware.softwareVersion Like '6.0.7%' Or
      tblSoftware.softwareVersion Like '6.1.4%') Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblSoftware.Lastchanged,
  Case
    When tblSoftwareUni.softwareName Like '%libreoffice%' And
      (tblSoftware.softwareVersion not like '6.0.7%' OR tblSoftware.softwareVersion Like '6.1.4%')  Then ''
	  Else 'LibreOffice update recommended'
  End As Notes
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tblSoftwareUni.softwareName Like '%LibreOffice%' And tblState.Statename =
  'Active'
Union
Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.OSRelease As OS,
  tblAssets.SP,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  Case
    When tblSoftwareUni.softwareName Like '%libreoffice%' And
      (tblLinuxSoftware.Version Like '%6.0.7%' Or
      tblLinuxSoftware.Version Like '%6.1.4%') Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor,
  tblSoftwareUni.softwareName As Software,
  tblLinuxSoftware.Version As Version,
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tblLinuxSoftware.LastChanged,
  Case
    When tblSoftwareUni.softwareName Like '%libreoffice%' And
      (tblLinuxSoftware.Version Like '%6.0.7%' Or
      tblLinuxSoftware.Version Like '%6.1.4%') Then ''
    Else 'LibreOffice update recommended'
  End As Notes
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On
    tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like '%LibreOffice%' And tblState.Statename =
  'Active'
Order By Domain,
  AssetName,
  Software
yura_koresh
#1yura_koresh Member Posts: 3  
posted: 3/9/2019 6:49:21 PM(UTC)
Hello for some reason it shows in red also 6.1.1.2, 6.2.0.3.
Also is there a way to show only vulnerable versions?
And does anyone know how to create the deployment package for the correct version ?
Thanks in advance!
[img]null[/img]
ghelpdesk
#2ghelpdesk Member Posts: 85  
posted: 3/10/2019 2:46:29 PM(UTC)
Perhaps a software vulnerability user editable reference table could be added to the wishlist? So instead of creating these reports individually whenever a vulnerability is reported - an entry could be added to the vulnerability table citing the software (or OS), a from and to version field to create a range of version values that are vulnerable and a comment field to enter the vulnerability name or other brief info (ie: which version introduces a fix to the software).

Then a single vulnerability report could be added as a standard built-in report (perhaps with a default email schedule to the entered LS admin address)

The vulnerability data could stay in the table long-term so that another report could be generated using this data and an assets software history to report on how long the asset may have been exposed to a vulnerability.

I recall the Spectre and Meltdown had a more complicated set of criteria but a vulnerability reference table might cover the majority of cases.

Active Discussions

Lansweeper Deployment Java
by  mlachance   Go to last post Go to first unread
Last post: Today at 4:46:38 PM(UTC)
Lansweeper Custom OID Scanning Range
by  tcooper  
Go to last post Go to first unread
Last post: Today at 4:32:59 PM(UTC)
Lansweeper Approved Software
by  AZHockeyNut   Go to last post Go to first unread
Last post: Today at 4:07:58 PM(UTC)
Lansweeper Scanning targets - ignore assets with LSagent
by  AZHockeyNut  
Go to last post Go to first unread
Last post: Today at 4:01:44 PM(UTC)
Lansweeper LastLogon Data
by  ghelpdesk   Go to last post Go to first unread
Last post: Today at 3:53:04 PM(UTC)
Lansweeper Duplicate MAC address during asset rename
by  TJ  
Go to last post Go to first unread
Last post: Today at 3:48:49 PM(UTC)
Lansweeper Repeating Deployments
by  mlachance   Go to last post Go to first unread
Last post: Today at 1:25:48 PM(UTC)
Lansweeper Deployment - Ideas
by  mlachance  
Go to last post Go to first unread
Last post: Today at 1:22:40 PM(UTC)