Bug 236083 - app-office/openoffice: code execution (64bit only)
Summary: app-office/openoffice: code execution (64bit only)
Status: RESOLVED DUPLICATE of bug 234093
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/31640/
Reported: 2008-08-29 00:53 UTC by Christian Hoffmann (RETIRED)
Modified: 2008-08-29 06:19 UTC
Description Christian Hoffmann (RETIRED) gentoo-dev 2008-08-29 00:53:24 UTC
Secunia writes:

A vulnerability has been reported in OpenOffice, which potentially
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a truncation error within the
"rtl_allocateMemory()" function. This can be exploited to cause an
out-of-bounds array access by e.g. tricking a user into opening a
malicious document.

Successful exploitation may allow the execution of arbitrary code on
64bit platforms.

Note: Reportedly, the pre-built packages distributed by
OpenOffice.org and versions compiled with the system allocator
("--with-alloc=system" configuration option) are unaffected.
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-08-29 00:54:19 UTC
Do we build with --with-alloc=system? (Too lazy to check now, may do tomorrow)

If not, we need a patched version...
Comment 2 Andreas Proschofsky (RETIRED) gentoo-dev 2008-08-29 06:19:01 UTC
This has already been discussed some weeks ago. Short answer: Yes, we use --with-alloc=system, so our builds are not vulnerable.

*** This bug has been marked as a duplicate of bug 234093 ***