oss-sec mailing list archives

Re: OpenOffice.org CVE-2009-2139


From: Thomas Biege <thomas () suse de>
Date: Thu, 10 Sep 2009 13:12:22 +0200


Hi,
there was a thread about it on vendor-sec some months ago.

Here are the two descriptions from Petr:

CVE-2009-2139

Manipulated EMF files can lead to heap overflows and arbitrary code
execution

    * Synopsis: Manipulated EMF files can lead to heap overflows and
                arbitrary code execution
    * State: Resolved

1. Impact

A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF
files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo
document that is opened by a local user to execute arbitrary commands on the
system with the privileges of the user running OpenOffice.org/Go-oo. No working
exploit is known right now.

2. Affected releases

The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo),
version 2.1. It was fixed in the version 3.0.1. The original OpenOffice.org
builds, available from http://www.openoffice.org/, were not affected.

3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.

4. Relief/Workaround

There is no workaround. See "Resolution" below.

5. Resolution

This issue is addressed in the following release:

OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1

Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were never affected by this vulnerability.

6. Comments

The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found
and fixed by ooo-build (Go-oo) developers.


And:
CVE-2009-2140

Manipulated EMF+ files can lead to heap overflows and arbitrary code
execution

    * Synopsis: Manipulated EMF+ files can lead to heap overflows and
                arbitrary code execution
    * State: Resolved

1. Impact

A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x
process EMF+ files may allow a remote unprivileged user who provides an
OpenOffice.org/Go-oo document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
OpenOffice.org/Go-oo. No working exploit is known right now.


2. Affected releases

The problem was introduced in OpenOffice.org release, based on ooo-build
(Go-oo), version 2.3.1. It was fixed in the version 3.0.1. Only the builds
supporting EMF+ import (applying EMFPlus patchset) were affected. The
original OpenOffice.org builds, available from http://www.openoffice.org/,
were never affected.


3. Symptoms

There are no predictable symptoms that would indicate this issue has occurred.


4. Relief/Workaround

There is no workaround. See "Resolution" below.


5. Resolution

This issue is addressed in the following release:

OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1

Note: The original OpenOffice.org builds, available from http://www.openoffice.org/,
were never affected by this vulnerability.


6. Comments

The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found
and fixed by ooo-build (Go-oo) developers.




On Wed, Sep 09, 2009 at 09:12:40PM +0200, Tomas Hoger wrote:
Hi!

Does anyone have more info on CVE-2009-2139 besides Debian advisory?

http://www.debian.org/security/2009/dsa-1880

-- 
Tomas Hoger / Red Hat Security Response Team

-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
  Whoever stops wanting to become better stops being good.
                            -- Marie von Ebner-Eschenbach

