[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] OpenOffice.org CVE-2009-2139
From: Thomas Biege <thomas () suse ! de>
Date: 2009-09-10 11:12:22
Message-ID: 20090910111222.GC32364 () suse ! de
[Download RAW message or body]
Hi,
there was a thread about it on vendor-sec some month ago.
Here are the two descriptions from Petr:
CVE-2009-2139
Manipulated EMF files can lead to heap overflows and arbitrary code
execution
* Synopsis: Manipulated EMF files can lead to heap overflows and
arbitrary code execution
* State: Resolved
1. Impact
A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF
files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo
document that is opened by a local user to execute arbitrary commands on the
system with the privileges of the user running OpenOffice.org/Go-oo. No working
exploit is known right now.
2. Affected releases
The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo),
version 2.1. It was fixed in the version 3.0.1. The original OpenOffice.org
builds, available from http://www.openoffice.org/, were not affected.
3. Symptoms
There are no predictable symptoms that would indicate this issue has occurred
4. Relief/Workaround
There is no workaround. See "Resolution" below.
5. Resolution
This issue is addressed in the following release:
OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1
Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.
6. Comments
The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found and \
fixed by ooo-build (Go-oo) developers.
And:
CVE-2009-2140
Manipulated EMF+ files can lead to heap overflows and arbitrary code
execution
* Synopsis: Manipulated EMF+ files can lead to heap overflows and
arbitrary code execution
* State: Resolved
1. Impact
A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x
process EMF+ files may allow a remote unprivileged user who provides an
OpenOffice.org/Go-oo document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
OpenOffice.org/Go-oo. No working exploit is known right now.
2. Affected releases
The problem was introduced in OpenOffice.org release, based on ooo-build
(Go-oo), version 2.3.1. It was fixed in the version 3.0.1. Only the builds
supporting EMF+ import (applying EMFPlus patchset) were affected. The
original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected.
3. Symptoms
There are no predictable symptoms that would indicate this issue has occurred
4. Relief/Workaround
There is no workaround. See "Resolution" below.
5. Resolution
This issue is addressed in the following release:
OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1
Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were newer affected by this vulnerability.
6. Comments
The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found
and fixed by ooo-build (Go-oo) developers.
On Wed, Sep 09, 2009 at 09:12:40PM +0200, Tomas Hoger wrote:
> Hi!
>
> Does anyone have more info on CVE-2009-2139 besides Debian advisory?
>
> http://www.debian.org/security/2009/dsa-1880
>
> --
> Tomas Hoger / Red Hat Security Response Team
--
Bye,
Thomas
--
Thomas Biege <thomas@suse.de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Wer aufhoert besser werden zu wollen, hoert auf gut zu sein.
-- Marie von Ebner-Eschenbach
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic