[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] OpenOffice.org CVE-2009-2139
From:       Thomas Biege <thomas () suse ! de>
Date:       2009-09-10 11:12:22
Message-ID: 20090910111222.GC32364 () suse ! de
[Download RAW message or body]


Hi,
there was a thread about it on vendor-sec some month ago.

Here are the two descriptions from Petr:

CVE-2009-2139

Manipulated EMF files can lead to heap overflows and arbitrary code
execution

    * Synopsis: Manipulated EMF files can lead to heap overflows and
                arbitrary code execution
    * State: Resolved

1. Impact

A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF
files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo
document that is opened by a local user to execute arbitrary commands on the
system with the privileges of the user running OpenOffice.org/Go-oo. No working
exploit is known right now.

2. Affected releases

The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo),
version 2.1. It was fixed in the version 3.0.1. The original OpenOffice.org
builds, available from http://www.openoffice.org/, were not affected.

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following release:

OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1

Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.

6. Comments

The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found and \
fixed by ooo-build (Go-oo) developers.


And:
CVE-2009-2140

Manipulated EMF+ files can lead to heap overflows and arbitrary code
execution

    * Synopsis: Manipulated EMF+ files can lead to heap overflows and
                arbitrary code execution
    * State: Resolved

1. Impact

A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x
process EMF+ files may allow a remote unprivileged user who provides an
OpenOffice.org/Go-oo document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
OpenOffice.org/Go-oo. No working exploit is known right now.


2. Affected releases

The problem was introduced in OpenOffice.org release, based on ooo-build
(Go-oo), version 2.3.1. It was fixed in the version 3.0.1. Only the builds
supporting EMF+ import (applying EMFPlus patchset) were affected. The
original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected.


3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred


4. Relief/Workaround

There is no workaround. See "Resolution" below.


5. Resolution

This issue is addressed in the following release:

OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1

Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.


6. Comments

The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found
and fixed by ooo-build (Go-oo) developers.




On Wed, Sep 09, 2009 at 09:12:40PM +0200, Tomas Hoger wrote:
> Hi!
> 
> Does anyone have more info on CVE-2009-2139 besides Debian advisory?
> 
> http://www.debian.org/security/2009/dsa-1880
> 
> -- 
> Tomas Hoger / Red Hat Security Response Team

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
  Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
                            -- Marie von Ebner-Eschenbach


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic