[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20090910111222.GC32364@suse.de>
Date: Thu, 10 Sep 2009 13:12:22 +0200
From: Thomas Biege <thomas@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: OpenOffice.org CVE-2009-2139
Hi,
there was a thread about it on vendor-sec some month ago.
Here are the two descriptions from Petr:
CVE-2009-2139
Manipulated EMF files can lead to heap overflows and arbitrary code
execution
* Synopsis: Manipulated EMF files can lead to heap overflows and
arbitrary code execution
* State: Resolved
1. Impact
A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF
files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo
document that is opened by a local user to execute arbitrary commands on the
system with the privileges of the user running OpenOffice.org/Go-oo. No working
exploit is known right now.
2. Affected releases
The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo),
version 2.1. It was fixed in the version 3.0.1. The original OpenOffice.org
builds, available from http://www.openoffice.org/, were not affected.
3. Symptoms
There are no predictable symptoms that would indicate this issue has occurred
4. Relief/Workaround
There is no workaround. See "Resolution" below.
5. Resolution
This issue is addressed in the following release:
OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1
Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.
6. Comments
The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found and fixed by ooo-build (Go-oo) developers.
And:
CVE-2009-2140
Manipulated EMF+ files can lead to heap overflows and arbitrary code
execution
* Synopsis: Manipulated EMF+ files can lead to heap overflows and
arbitrary code execution
* State: Resolved
1. Impact
A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x
process EMF+ files may allow a remote unprivileged user who provides an
OpenOffice.org/Go-oo document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
OpenOffice.org/Go-oo. No working exploit is known right now.
2. Affected releases
The problem was introduced in OpenOffice.org release, based on ooo-build
(Go-oo), version 2.3.1. It was fixed in the version 3.0.1. Only the builds
supporting EMF+ import (applying EMFPlus patchset) were affected. The
original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected.
3. Symptoms
There are no predictable symptoms that would indicate this issue has occurred
4. Relief/Workaround
There is no workaround. See "Resolution" below.
5. Resolution
This issue is addressed in the following release:
OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1
Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.
6. Comments
The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found
and fixed by ooo-build (Go-oo) developers.
On Wed, Sep 09, 2009 at 09:12:40PM +0200, Tomas Hoger wrote:
> Hi!
>
> Does anyone have more info on CVE-2009-2139 besides Debian advisory?
>
> http://www.debian.org/security/2009/dsa-1880
>
> --
> Tomas Hoger / Red Hat Security Response Team
--
Bye,
Thomas
--
Thomas Biege <thomas@...e.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
-- Marie von Ebner-Eschenbach
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
