Bug 251717 - (CVE-2007-4251) CVE-2007-4251 OpenOffice crashes upon opening certain files
CVE-2007-4251 OpenOffice crashes upon opening certain files
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-08-10 12:38 EDT by Lubomir Kundrak
Modified: 2007-08-14 04:31 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-08-14 04:31:06 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to avoid (1.24 KB, patch)
2007-08-13 05:14 EDT, Caolan McNamara
no flags Details | Diff

  None (edit)
Description Lubomir Kundrak 2007-08-10 12:38:44 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4251
to the following vulnerability:

OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.

References:

http://www.securityfocus.com/archive/1/archive/1/475534/100/0/threaded
Comment 2 Caolan McNamara 2007-08-13 05:12:11 EDT
"An issue in OpenOffice 2.2 Multiple File Extension Handling leads to denial
of service conditions. Due to the minimum severity of the issue, the
information is provided in Information Table. The issue does not allow code
execution. Eleytt provides exemplary PoC exploits for this issue for
reponsible security companies only."
Comment 3 Caolan McNamara 2007-08-13 05:14:36 EDT
Created attachment 161161 [details]
patch to avoid

This patch should suffice. Is there a security bug here, not convinced really.
We throw on attempting to allocate the massive negative value string. 

Should this be reassigned to me and component openoffice.org ?
Comment 4 Lubomir Kundrak 2007-08-13 05:29:15 EDT
Caolan: thanks for the investigation. Attempting to allocate a negative amount
of memory is not something we would call a security issue, so we don't want this
to be fixed in RHEL now.

This bug is here for serves as a reference to results of investigation and our
opinion about the issue so it's not to be assigned to you. In case wanted to fix
this you'd be assigned separate tracking bugs for each release.
Comment 5 Mark J. Cox (Product Security) 2007-08-14 04:31:06 EDT
Red Hat does not consider this flaw a security issue. This flaw will only crash
OpenOffice.org if a victim opens a malicious document.

Note You need to log in before you can comment on or make changes to this bug.