Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2011.0080
New OpenOffice.org packages fix several vulnerabilities
27 January 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: openoffice.org
Publisher: Debian
Operating System: Debian GNU/Linux 5
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Modify Arbitrary Files -- Remote with User Interaction
Overwrite Arbitrary Files -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2010-4643 CVE-2010-4253 CVE-2010-3689
CVE-2010-3454 CVE-2010-3453 CVE-2010-3452
CVE-2010-3451 CVE-2010-3450
Original Bulletin:
http://www.debian.org/security/2010/dsa-2151
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running openoffice.org check for an updated version of the software
for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - --------------------------------------------------------------------------
Debian Security Advisory DSA 2151-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
January 26th, 2011 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------
Package : openoffice.org
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2010-3450 CVE-2010-3451 CVE-2010-3452 CVE-2010-3453
CVE-2010-3454 CVE-2010-3689 CVE-2010-4253 CVE-2010-4643
Several security related problems have been discovered in the
OpenOffice.org package that allows malformed documents to trick the
system into crashes or even the execution of arbitrary code.
CVE-2010-3450
During an internal security audit within Red Hat, a directory
traversal vulnerability has been discovered in the way
OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If
a local user is tricked into opening a specially-crafted OOo XML
filters package file, this problem could allow remote attackers to
create or overwrite arbitrary files belonging to local user or,
potentially, execute arbitrary code.
CVE-2010-3451
During his work as a consultant at Virtual Security Research
(VSR), Dan Rosenberg discovered a vulnerability in
OpenOffice.org's RTF parsing functionality. Opening a maliciously
crafted RTF document can caus an out-of-bounds memory read into
previously allocated heap memory, which may lead to the execution
of arbitrary code.
CVE-2010-3452
Dan Rosenberg discovered a vulnerability in the RTF file parser
which can be leveraged by attackers to achieve arbitrary code
execution by convincing a victim to open a maliciously crafted RTF
file.
CVE-2010-3453
As part of his work with Virtual Security Research, Dan Rosenberg
discovered a vulnerability in the WW8ListManager::WW8ListManager()
function of OpenOffice.org that allows a maliciously crafted file
to cause the execution of arbitrary code.
CVE-2010-3454
As part of his work with Virtual Security Research, Dan Rosenberg
discovered a vulnerability in the WW8DopTypography::ReadFromMem()
function in OpenOffice.org that may be exploited by a maliciously
crafted file which allowins an attacker to control program flow
and potentially execute arbitrary code.
CVE-2010-3689
Dmitri Gribenko discovered that the soffice script does not treat
an empty LD_LIBRARY_PATH variable like an unset one, may lead to
the execution of arbitrary code.
CVE-2010-4253
A heap based buffer overflow has been discovered with unknown impact.
CVE-2010-4643
A vulnerability has been discovered in the way OpenOffice.org
handles TGA graphics which can be tricked by a specially crafted
TGA file that could cause the program to crash due to a heap-based
buffer overflow with unknown impact.
For the stable distribution (lenny) these problems have been fixed in
version 2.4.1+dfsg-1+lenny11.
For the upcoming stable distribution (squeeze) these problems have
been fixed in version 3.2.1-11+squeeze1.
For the unstable distribution (sid) these problems have been fixed in
version 3.2.1-11+squeeze1.
For the experimental distribution these problems have been fixed in
version 3.3.0~rc3-1.
We recommend that you upgrade your OpenOffice.org packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: [18]http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iD8DBQFNQEkOW5ql+IAeqTIRAp9GAJ0WTb4z3fzW9x3TK3aux2v/zWtIPQCfRdzx
+AX/hG1qBThFdf0f6k2SiMQ=
=O7sd
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFNQLK9/iFOrG6YcBERAoIZAJ9dStw9T/b3ds5UWdkvI+wK2iAisgCgsUWh
yzpkPx4couZIhSBHYk/mzzw=
=o/P4
-----END PGP SIGNATURE-----