Red Hat Bugzilla – Bug 154988
FC1: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
Last modified: 2007-04-18 13:23:49 EDT
+++ This bug was initially created as a clone of Bug #154742 +++
Fedora Core 3 update:
An attacker may exploit this issue by crafting a malformed .doc file and
enticing a user to open this file with the affected application. If a vulnerable
user opens this file in OpenOffice, the application may crash due to memory
corruption. This issue may also be leveraged to execute arbitrary code in the
context of the user running OpenOffice.
Patchfile: patches-OOO_1_1-sot-overflow.diff (from FC2 & FC3 packages)
See also bug #152784 (CAN-2004-0752) which is not yet fixed for FC1.
I have packages for FC1 that fix this and bug #152784, but need upload space as
I have exceeded my quota for my people.redhat.com account...
Verified that my FC1 packages are not vulnerable to this bug, using the exploit
document in bug 154540 (vul3.doc).
Packages uploaded to Matthew Miller.
MD5 sums: http://people.redhat.com/dcbw/ooo/fc1-ooo-md5sums.txt
Available for download temporarily from <ftp://evol.bu.edu/openoffice/>. Note
that there's currently an md5sum mismatch for
openoffice-libs-1.0.2-11.2.legacy.i386.rpm, but the rest are good. That should
be corrected soon.
(Mismatch only affects RHL9, bug #154989. The FC1 packages should be fine.)
Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling
Matthew, the ftp site in comment 4 doesn't seem to be responding...
Could you take a look at it, I would like to release these packages.
Packages were pushed to updates-testing.
-----BEGIN PGP SIGNED MESSAGE-----
dsa sha1 md5 gpg OK on all 3 packages
installed without any warnings or errors
I started up writer and calc. Both appear to work.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)
-----END PGP SIGNATURE-----
Released to updates.