This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 154742 - CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arb...
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: openoffice (Show other bugs)
fc2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-13 17:55 EDT by Matthew Miller
Modified: 2007-04-18 13:23 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-12 20:52:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Matthew Miller 2005-04-13 17:55:28 EDT
Advisory: http://www.securityfocus.com/bid/13092/
Fedora Core 3 update:
http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00027.html

  An attacker may exploit this issue by crafting a malformed .doc file and 
  enticing a user to open this file with the affected application. If a vulnerable
  user opens this file in OpenOffice, the application may crash due to memory 
  corruption. This issue may also be leveraged to execute arbitrary code in the 
  context of the user running OpenOffice. 

Filing this for Fedora Core 2; seems like it probably also affects FC1 and RHL9.
(For those releases, also see bug #152784 (CAN-2004-0752) which is already fixed
for FC2.

The (pre-update) FC3 package and FC2 package are basically identical; we should
be able to just rebuild the FC3 package to make our update.
Comment 1 Dan Williams 2005-04-14 12:30:02 EDT
I actually have FC2 packages that I pushed through Beehive right before the
cutoff date happened.  I'd be happy to post them somewhere, since I was just
about to push them to fc2-updates anyway right when the cutoff came around.
Comment 2 Dan Williams 2005-04-14 12:38:25 EDT
packages for FC2 are here:

http://people.redhat.com/dcbw/ooo/
Comment 3 Marc Deslauriers 2005-04-14 17:19:43 EDT
Thanks Dan!
Comment 4 Marc Deslauriers 2005-05-02 08:02:04 EDT
Packages were pushed to updates-testing.
Comment 5 David Curry 2005-05-08 01:26:57 EDT
fc2: openoffice.org-1.1.3-11.4.0.fc2 packages were downloaded into a temporary
directory, checked with rpm -K openoffice*, and installed without any exceptions
or difficulty.

In turn, openoffice.org calc, draw, impress, and writer were opened and used
without encountering any exceptions.  Project management and Math were opened
and closed, but not used.

Tests performed included the following.

WRITER:
1. A new document was created and saved in native oo.o format.  Writer was
closed, reopened and the newly created writer document was opened and closed
without exception or error.
2.  A pre-existing native oo.o format document containing both text and tables
imported from oo.o calc was loaded, edited slightly and saved without error.
3.  A pre-existing .doc file was opened and saved in native oo.o format, as
.pdf, as .rtf, and as .html.  All created documents were subsequently opened
with oo.o.  The .rtf document was also opened with abiword, the .html document
was opened with Konqueror, and the .pdf document was opened with PDF Viewer.

CALC:
1. A pre-existing .xls spreadsheet document of greater size than oo.o can
process was opened.  oo.o continued running, advising the user that rows in
excess of oo.o capacity were not imported.  (Unexpected outcome: Loading of this
spreadsheet file seemed a bit faster than I remembered from earlier versions of
oo.o.)

2.  A new spreadsheet was created using test data and four of the more simple
built-in statistical functions.  No errors or exceptions encountered.
3.  Several existing .xls files containing table lookups, mutiple coloring of
text, statistical functions, relatively sophisticated formating were
successfully opened without observing any indications that formating had changed
or that functions used were not accurately supported.

DRAW, IMPRESS:
1.  Simple new documents were created and saved.  Oo.o was closed, reopened and
the newly created documents were reopened without error.

+verify
Comment 6 Marc Deslauriers 2005-05-12 20:52:24 EDT
Released to updates

Note You need to log in before you can comment on or make changes to this bug.