Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 244995 (CVE-2008-2237)

Summary: app-office/openoffice < 2.4.2: OpenOffice WMF and EMF Processing Buffer Overflows (CVE-2008-{2237,2238})
Product: Gentoo Security Reporter: Matti Bickel (RETIRED) <mabi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical CC: office
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/32419/
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 235824    
Bug Blocks:    

Description Matti Bickel (RETIRED) gentoo-dev 2008-10-30 18:55:04 UTC 
From Secunia:

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
OpenOffice.org 2.x
http://secunia.com/advisories/product/6157/

DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice, which
potentially can be exploited by malicious people to compromise a
user's system.

1) An error in the processing of WMF files can be exploited to cause
a heap-based buffer overflow via a specially crafted
StarOffice/StarSuite document.

2) An error in the processing of EMF files can be exploited to cause
a heap-based buffer overflow via a specially crafted
StarOffice/StarSuite document.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

The vulnerabilities are reported in 2.x versions prior to 2.4.2.

SOLUTION:
Update to version 2.4.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) an anonymous researcher working with the SureRun Security Team
2) an anonymous researcher working with iDefense

ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2008-2237.html
http://www.openoffice.org/security/cves/CVE-2008-2238.html
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2008-10-30 18:57:05 UTC 
This bug just adds more urgency to bug #235824
Comment 2 Andreas Proschofsky (RETIRED) gentoo-dev 2008-10-30 20:09:12 UTC 
(In reply to comment #1)
> This bug just adds more urgency to bug #235824
> 

Totally agree, 3.0 should be the way to go, not 2.4.2.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-10-30 22:14:51 UTC 
There's no need to CC arches to two bugs. If this bug gets it stable fix by the other bug, we can just set dependings and mark it blocked in whiteboard.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-30 22:34:11 UTC 
CVE-2008-2237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2237):
  Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2
  allows remote attackers to execute arbitrary code via a crafted WMF
  file associated with a StarOffice/StarSuite document.

CVE-2008-2238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2238):
  Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2
  allows remote attackers to execute arbitrary code via a crafted EMF
  file associated with a StarOffice/StarSuite document.
Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-12 23:08:24 UTC 
GLSA 200812-13