Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 244995 (CVE-2008-2237) - app-office/openoffice < 2.4.2: OpenOffice WMF and EMF Processing Buffer Overflows (CVE-2008-{2237,2238})
Summary: app-office/openoffice < 2.4.2: OpenOffice WMF and EMF Processing Buffer Overf...
Status: RESOLVED FIXED
Alias: CVE-2008-2237
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High critical
Assignee: Gentoo Security
URL: http://secunia.com/advisories/32419/
Whiteboard: A2 [glsa]
Keywords:
Depends on: CVE-2008-4937
Blocks:
  Show dependency tree
 
Reported: 2008-10-30 18:55 UTC by Matti Bickel (RETIRED)
Modified: 2008-12-12 23:08 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matti Bickel (RETIRED) gentoo-dev 2008-10-30 18:55:04 UTC
From Secunia:

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
OpenOffice.org 2.x
http://secunia.com/advisories/product/6157/

DESCRIPTION:
Some vulnerabilities have been reported in OpenOffice, which
potentially can be exploited by malicious people to compromise a
user's system.

1) An error in the processing of WMF files can be exploited to cause
a heap-based buffer overflow via a specially crafted
StarOffice/StarSuite document.

2) An error in the processing of EMF files can be exploited to cause
a heap-based buffer overflow via a specially crafted
StarOffice/StarSuite document.

Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.

The vulnerabilities are reported in 2.x versions prior to 2.4.2.

SOLUTION:
Update to version 2.4.2.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) an anonymous researcher working with the SureRun Security Team
2) an anonymous researcher working with iDefense

ORIGINAL ADVISORY:
http://www.openoffice.org/security/cves/CVE-2008-2237.html
http://www.openoffice.org/security/cves/CVE-2008-2238.html
Comment 1 Matti Bickel (RETIRED) gentoo-dev 2008-10-30 18:57:05 UTC
This bug just adds more urgency to bug #235824
Comment 2 Andreas Proschofsky (RETIRED) gentoo-dev 2008-10-30 20:09:12 UTC
(In reply to comment #1)
> This bug just adds more urgency to bug #235824
> 

Totally agree, 3.0 should be the way to go, not 2.4.2.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-10-30 22:14:51 UTC
There's no need to CC arches to two bugs. If this bug gets it stable fix by the other bug, we can just set dependings and mark it blocked in whiteboard.
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2008-10-30 22:34:11 UTC
CVE-2008-2237 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2237):
  Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2
  allows remote attackers to execute arbitrary code via a crafted WMF
  file associated with a StarOffice/StarSuite document.

CVE-2008-2238 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2238):
  Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2
  allows remote attackers to execute arbitrary code via a crafted EMF
  file associated with a StarOffice/StarSuite document.

Comment 5 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-12-12 23:08:24 UTC
GLSA 200812-13