Bug 154989 - RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: openoffice
Version: rhl9
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL:
Whiteboard: LEGACY, rh9
Depends On:
Blocks:
 
Reported: 2005-04-15 13:41 UTC by Dan Williams
Modified: 2007-04-18 17:23 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-13 00:51:47 UTC
Embargoed:



Description Dan Williams 2005-04-15 13:41:13 UTC
+++ This bug was initially created as a clone of Bug #154742 +++

Advisory: http://www.securityfocus.com/bid/13092/
Fedora Core 3 update:
http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00027.html

  An attacker may exploit this issue by crafting a malformed .doc file and 
  enticing a user to open this file with the affected application. If a vulnerable
  user opens this file in OpenOffice, the application may crash due to memory 
  corruption. This issue may also be leveraged to execute arbitrary code in the 
  context of the user running OpenOffice. 

Patchfile: patches-OOO_1_1-sot-overflow.diff  (from FC2 & FC3 packages)

See also bug #152784 (CAN-2004-0752) which is not yet fixed in RHL9.

Comment 1 Matthew Miller 2005-04-16 15:07:51 UTC
This should be fixed in the packages Dan made, available temporarily from
<ftp://evol.bu.edu/openoffice/>, with checksums at
<http://people.redhat.com/dcbw/ooo/rh9-ooo-md5sums.txt>.

Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm
right now -- we'll get that straightened out soon.

Comment 2 Matthew Miller 2005-04-17 03:32:36 UTC
Okay, fixed. Thanks again to Dan.

Comment 3 Dan Williams 2005-04-17 14:40:40 UTC
Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling bug).

Comment 4 Marc Deslauriers 2005-05-02 12:00:03 UTC
Packages were pushed to updates-testing.

Thanks again Dan for your help on this issue.

Comment 5 Pekka Savola 2005-05-06 16:39:00 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL9:
 
Installed openoffice, -i18n, and -libs.  Installation went smoothly, and
basic functionality (like opening .doc files) seemed to work OK.
 
+VERIFY RHL9
 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCe50QGHbTkzxSL7QRAmVRAKCV4WVXzhCPVM3tO0rK6FcPMv5G4gCfZWpm
iDAunNJFIP3VyR2J+9WxKrQ=
=kwpz
-----END PGP SIGNATURE-----

(Not sure what to put in when the bug has been split across multiple distro
versions, and some of those still need VERIFY while others don't..)


Comment 6 Marc Deslauriers 2005-05-13 00:51:47 UTC
Released to updates.

