Bug 154989 - RH9: CAN-2005-0941: remote heap overflow vulnerability (bad .doc file can exec arbitrary code)
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: openoffice
Version: rhl9
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
Whiteboard: LEGACY, rh9
Keywords: Security
Reported: 2005-04-15 09:41 EDT by Dan Williams
Modified: 2007-04-18 13:23 EDT (History)

Doc Type: Bug Fix
Last Closed: 2005-05-12 20:51:47 EDT
Description Dan Williams 2005-04-15 09:41:13 EDT
+++ This bug was initially created as a clone of Bug #154742 +++

Advisory: http://www.securityfocus.com/bid/13092/
Fedora Core 3 update:
http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00027.html

  An attacker may exploit this issue by crafting a malformed .doc file and 
  enticing a user to open this file with the affected application. If a vulnerable
  user opens this file in OpenOffice, the application may crash due to memory 
  corruption. This issue may also be leveraged to execute arbitrary code in the 
  context of the user running OpenOffice. 

Patchfile: patches-OOO_1_1-sot-overflow.diff  (from FC2 & FC3 packages)

See also bug #152784 (CAN-2004-0752) which is not yet fixed in RHL9.
Comment 1 Matthew Miller 2005-04-16 11:07:51 EDT
This should be fixed in the packages Dan made, available temporarily from
<ftp://evol.bu.edu/openoffice/>, with checksums at
<http://people.redhat.com/dcbw/ooo/rh9-ooo-md5sums.txt>.

Note that there's a mismatch with openoffice-libs-1.0.2-11.2.legacy.i386.rpm
right now -- we'll get that straightened out soon.
Comment 2 Matthew Miller 2005-04-16 23:32:36 EDT
Okay, fixed. Thanks again to Dan.
Comment 3 Dan Williams 2005-04-17 10:40:40 EDT
Note that these packages also fix Bug 152784 (CAN-2004-0752 - openoffice.org temp file handling bug).
Comment 4 Marc Deslauriers 2005-05-02 08:00:03 EDT
Packages were pushed to updates-testing.

Thanks again Dan for your help on this issue.
Comment 5 Pekka Savola 2005-05-06 12:39:00 EDT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL9:
 
Installed openoffice, -i18n, and -libs.  Installation went smoothly, and
basic functionality (like opening .doc files) seemed to work OK.
 
+VERIFY RHL9
 
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
 
iD8DBQFCe50QGHbTkzxSL7QRAmVRAKCV4WVXzhCPVM3tO0rK6FcPMv5G4gCfZWpm
iDAunNJFIP3VyR2J+9WxKrQ=
=kwpz
-----END PGP SIGNATURE-----

(Not sure what to put in when the bug has been split across multiple distro
versions, and some of those still need VERIFY while others don't..)
Comment 6 Marc Deslauriers 2005-05-12 20:51:47 EDT
Released to updates.
