User: Password:
|
|
Subscribe / Log in / New account

Security

An OpenOffice.org vulnerability

April 13, 2005

This article was contributed by Joe 'Zonker' Brockmeier.

Many OpenOffice.org users have felt secure in using OpenOffice.org to open Microsoft Office files, assuming that the malware that attacks Microsoft Office would not affect the OpenOffice.org suite.

That may well be true, but it looks like the OpenOffice.org suite has a problem of its own. The OpenOffice.org suite has a vulnerability in its handling of .doc files. The flaw was discovered at the end of March, and was reported to the full-disclosure mailing list on Monday. The vulnerability affects the 1.1.4 and 2.0 series of the OpenOffice.org suite. It's unclear whether the vulnerability affects StarOffice, but it seems likely that it would.

According to the Secunia advisory the problem is a boundary error in the "StgCompObjStream::Load()" function used to process .doc files. Theoretically, this vulnerability could be exploited to execute code in almost all versions of OpenOffice.org if a user opens a specially-crafted document. The vulnerability has been labeled "moderately critical" by Secunia, because it could allow a system to be compromised, but requires user interaction.

We touched base with OpenOffice.org community manager Louis Suarez-Potts about the bug. According to Suarez-Potts, work "began immediately" when the vulnerability was discovered, and the project is testing the patch on all platforms and languages supported by the OpenOffice.org suite.

At this time, Suarez-Potts says that the project is not aware of any real-world exploits of this vulnerability. The vulnerability exists on all platforms, but he said that he has "no idea" if it would be possible to craft a document to do something harmful on all platforms, or if it would only be possible to target one platform with a malformed .doc file.

It does seem likely that the OpenOffice.org project will be targeted more frequently by malware authors as it gains in popularity, though Suarez-Potts says that OpenOffice.org is "not as fun a target as MSFT."

This should serve as a cautionary tale for users of the OpenOffice.org suite. While this particular vulnerability was discovered before any exploits appeared in the wild, it's possible that exploits for future vulnerabilities could appear before the first report. Even though OpenOffice.org has a much better track record than Microsoft Office, users should exercise caution when opening any document from an untrusted source.

The LWN vulnerability database entry for this bug will track updates as they become available.

Comments (2 posted)

New vulnerabilities

Axel: vulnerability in HTTP redirection handling

Package(s):axel CVE #(s):CAN-2005-0390
Created:April 12, 2005 Updated:April 13, 2005
Description: A possible buffer overflow has been reported in the HTTP redirection handling code in conn.c. A remote attacker could exploit this vulnerability by setting up a malicious site and enticing a user to connect to it. This could possibly lead to the execution of arbitrary code with the permissions of the user running Axel.
Alerts:
Debian DSA-706-1 axel 2005-04-13
Gentoo 200504-09 axel 2005-04-12

Comments (none posted)

gld: multiple vulnerabilities

Package(s):gld CVE #(s):
Created:April 13, 2005 Updated:April 13, 2005
Description: The Postfix graylisting daemon (gld), through version 1.4, contains several remotely exploitable buffer overflow vulnerabilities. See this advisory for details.
Alerts:
Gentoo 200504-10 gld 2005-04-13

Comments (none posted)

junkbuster: heap corruption and settings modification

Package(s):junkbuster CVE #(s):CVE-2005-1108 CVE-2005-1109
Created:April 13, 2005 Updated:November 5, 2005
Description: JunkBuster through version 2.02-r2 contains two vulnerabilities: a heap corruption bug and a possible privacy violation.
Alerts:
Debian DSA-713-1 junkbuster 2005-04-21
Gentoo 200504-11 junkbuster 2005-04-13

Comments (1 posted)

kernel: arbitrary code execution, DoS

Package(s):kernel CVE #(s):CAN-2005-0867 CAN-2005-0937
Created:April 11, 2005 Updated:April 19, 2005
Description: Alexander Nyberg discovered an integer overflow in the sysfs_write_file() function. A local attacker could exploit this to crash the kernel or possibly even execute arbitrary code with root privileges by writing to an user-writable file in /sys under certain low-memory conditions. However, there are very few cases where a user-writeable sysfs file actually exists. (CAN-2005-0867)

Olof Johansson discovered a Denial of Service vulnerability in the futex functions, which provide semaphores for exclusive locking of resources. A local attacker could possibly exploit this to cause a kernel deadlock. (CAN-2005-0937)

Alerts:
Red Hat RHSA-2005:366-01 kernel 2005-04-19
Ubuntu USN-110-1 linux-source-2.6.8.1 2005-04-11

Comments (none posted)

OpenOffice.org: .doc parser buffer overflow

Package(s):openoffice.org CVE #(s):CAN-2005-0941
Created:April 13, 2005 Updated:May 13, 2005
Description: OpenOffice.org suffers from a buffer overflow in the parsing code for MS Word files; see this advisory for details. Since this vulnerability could conceivably be exploited via files received in email messages, it should be taken seriously.
Alerts:
Fedora-Legacy FLSA:154988 openoffice.org 2005-05-12
Ubuntu USN-121-1 openoffice.org 2005-05-06
Mandriva MDKSA-2005:082 OpenOffice.org 2005-05-06
Red Hat RHSA-2005:375-01 openoffice.org 2005-04-25
SuSE SUSE-SA:2005:025 OpenOffice_org 2005-04-19
Gentoo 200504-13 openoffice 2005-04-15
Fedora FEDORA-2005-316 openoffice.org 2005-04-13

Comments (none posted)

phpMyAdmin: cross-site scripting

Package(s):phpmyadmin CVE #(s):
Created:April 11, 2005 Updated:April 13, 2005
Description: phpMyAdmin versions before 2.6.2-rc1 are vulnerable to a cross-site scripting attack. An attacker sending a specially-crafted request could inject and execute malicious script code.
Alerts:
Gentoo 200504-08 phpmyadmin 2005-04-11

Comments (none posted)

rsnapshot: symlink vulnerability

Package(s):rsnapshot CVE #(s):
Created:April 13, 2005 Updated:April 13, 2005
Description: rsnapshot (prior to version 1.2.1) suffers from a symlink vulnerability.
Alerts:
Gentoo 200504-12 rsnapshot 2005-04-13

Comments (none posted)

Resources

Linux wins on security in survey of 6,000+ software developers

Here's a press release about the first annual Security Issues Survey, to be presented at the Software Security Summit conference in La Jolla, California. BZ Research polled 6,344 software development managers about the security of different popular enterprise operating environments and Linux and open source consistently topped Microsoft Windows, according to respondents.

Full Story (comments: 8)

Page editor: Jonathan Corbet
Next page: Kernel development>>


Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds