Executive Summary

Summary
Titleopenoffice.org security update
Informations
NameRHSA-2010:0101First vendor Publication2010-02-12
VendorRedHatLast vendor Modification2010-02-12
Severity (Vendor) ImportantRevision02

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated openoffice.org packages that correct multiple security issues are
now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Workstation (v. 5 client) - i386, x86_64
RHEL Optional Productivity Applications (v. 5 server) - i386, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 3 - i386, x86_64
Red Hat Enterprise Linux AS version 4 - i386, ppc, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, x86_64
Red Hat Enterprise Linux WS version 3 - i386, x86_64
Red Hat Enterprise Linux WS version 4 - i386, x86_64

3. Description:

OpenOffice.org is an office productivity suite that includes desktop
applications, such as a word processor, spreadsheet application,
presentation manager, formula editor, and a drawing program.

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way OpenOffice.org parsed XPM files. An attacker could create
a specially-crafted document, which once opened by a local, unsuspecting
user, could lead to arbitrary code execution with the permissions of the
user running OpenOffice.org. Note: This flaw affects embedded XPM files in
OpenOffice.org documents as well as stand-alone XPM files. (CVE-2009-2949)

An integer underflow flaw and a boundary error flaw, both possibly leading
to a heap-based buffer overflow, were found in the way OpenOffice.org
parsed certain records in Microsoft Word documents. An attacker could
create a specially-crafted Microsoft Word document, which once opened by a
local, unsuspecting user, could cause OpenOffice.org to crash or,
potentially, execute arbitrary code with the permissions of the user
running OpenOffice.org. (CVE-2009-3301, CVE-2009-3302)

A heap-based buffer overflow flaw, leading to memory corruption, was found
in the way OpenOffice.org parsed GIF files. An attacker could create a
specially-crafted document, which once opened by a local, unsuspecting
user, could cause OpenOffice.org to crash. Note: This flaw affects embedded
GIF files in OpenOffice.org documents as well as stand-alone GIF files.
(CVE-2009-2950)

All users of OpenOffice.org are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. All
running instances of OpenOffice.org applications must be restarted for this
update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

527512 - CVE-2009-2950 openoffice.org: GIF file parsing heap overflow
527540 - CVE-2009-2949 openoffice.org: integer overflow in XPM processing
533038 - CVE-2009-3301 OpenOffice.org Word sprmTDefTable Memory Corruption
533043 - CVE-2009-3302 OpenOffice.org Word sprmTSetBrc Memory Corruption

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0101.html

CWE : Common Weakness Enumeration

idName
CWE-189Numeric Errors
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:10176
 
Oval ID: oval:org.mitre.oval:def:10176
Title: Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Description: Integer overflow in the XPMReader::ReadXPM function in filter.vcl/ixpm/svt_xpmread.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to execute arbitrary code via a crafted XPM file that triggers a heap-based buffer overflow.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2949
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:11050
 
Oval ID: oval:org.mitre.oval:def:11050
Title: Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
Description: Heap-based buffer overflow in the GIFLZWDecompressor::GIFLZWDecompressor function in filter.vcl/lgif/decode.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file, related to LZW decompression.
Family: unix Class: vulnerability
Reference(s): CVE-2009-2950
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10423
 
Oval ID: oval:org.mitre.oval:def:10423
Title: Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
Description: Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
Family: unix Class: vulnerability
Reference(s): CVE-2009-3301
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21919
 
Oval ID: oval:org.mitre.oval:def:21919
Title: RHSA-2010:0101: openoffice.org security update (Important)
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: patch
Reference(s): RHSA-2010:0101-02
CESA-2010:0101
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
Version: 55
Platform(s): Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): openoffice.org
openoffice.org2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:10022
 
Oval ID: oval:org.mitre.oval:def:10022
Title: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: vulnerability
Reference(s): CVE-2009-3302
Version: 5
Platform(s): Red Hat Enterprise Linux 3
CentOS Linux 3
Red Hat Enterprise Linux 4
CentOS Linux 4
Oracle Linux 4
Red Hat Enterprise Linux 5
CentOS Linux 5
Oracle Linux 5
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22848
 
Oval ID: oval:org.mitre.oval:def:22848
Title: ELSA-2010:0101: openoffice.org security update (Important)
Description: filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
Family: unix Class: patch
Reference(s): ELSA-2010:0101-02
CVE-2009-2949
CVE-2009-2950
CVE-2009-3301
CVE-2009-3302
Version: 18
Platform(s): Oracle Linux 3
Oracle Linux 4
Oracle Linux 5
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application16

OpenVAS Exploits

DateDescription
2011-08-09Name : CentOS Update for openoffice.org-base CESA-2010:0101 centos5 i386
File : nvt/gb_CESA-2010_0101_openoffice.org-base_centos5_i386.nasl
2010-11-16Name : Mandriva Update for openoffice.org MDVSA-2010:221 (openoffice.org)
File : nvt/gb_mandriva_MDVSA_2010_221.nasl
2010-06-11Name : Fedora Update for openoffice.org FEDORA-2010-9576
File : nvt/gb_fedora_2010_9576_openoffice.org_fc12.nasl
2010-06-11Name : Fedora Update for openoffice.org FEDORA-2010-9628
File : nvt/gb_fedora_2010_9628_openoffice.org_fc11.nasl
2010-03-22Name : SuSE Update for OpenOffice_org SUSE-SA:2010:017
File : nvt/gb_suse_2010_017.nasl
2010-03-16Name : FreeBSD Ports: openoffice.org
File : nvt/freebsd_openoffice.org.nasl
2010-03-02Name : Fedora Update for openoffice.org FEDORA-2010-1847
File : nvt/gb_fedora_2010_1847_openoffice.org_fc12.nasl
2010-03-02Name : Ubuntu Update for openoffice.org vulnerabilities USN-903-1
File : nvt/gb_ubuntu_USN_903_1.nasl
2010-03-02Name : Fedora Update for openoffice.org FEDORA-2010-1941
File : nvt/gb_fedora_2010_1941_openoffice.org_fc11.nasl
2010-02-19Name : OpenOffice Multiple Remote Code Execution Vulnerabilities - Feb10
File : nvt/gb_openoffice_mult_code_exec_vuln_win_feb10.nasl
2010-02-15Name : CentOS Update for openoffice.org CESA-2010:0101 centos3 i386
File : nvt/gb_CESA-2010_0101_openoffice.org_centos3_i386.nasl
2010-02-15Name : RedHat Update for openoffice.org RHSA-2010:0101-02
File : nvt/gb_RHSA-2010_0101-02_openoffice.org.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
62385OpenOffice.org (OOo) filter/ww8/ww8par2.cxx sprmTSetBrc Table Boundary Error DoS
62384OpenOffice.org (OOo) filter/ww8/ww8par2.cxx sprmTDefTable Table Underflow
62383OpenOffice.org (OOo) filter.vcl/lgif/decode.cxx GIFLZWDecompressor::GIFLZWDec...
62382OpenOffice.org (OOo) filter.vcl/ixpm/svt_xpmread.cxx XPMReader::ReadXPM Funct...

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 26676 - Revision : 2 - Type : FILE-OFFICE
2014-01-10Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 26675 - Revision : 2 - Type : FILE-OFFICE
2014-01-10OpenOffice.org XPM file processing integer overflow attempt
RuleID : 18537 - Revision : 8 - Type : FILE-OTHER
2014-01-10OpenOffice.org Microsoft Office Word file processing integer underflow attempt
RuleID : 18536 - Revision : 10 - Type : FILE-OFFICE
2014-01-10Microsoft Office Word file sprmTSetBrc processing buffer overflow attempt
RuleID : 18535 - Revision : 9 - Type : FILE-OFFICE
2014-01-10Microsoft Windows WordPad sprmTSetBrc SPRM overflow attempt
RuleID : 17250 - Revision : 12 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

DateDescription
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL3_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20100212_openoffice_org_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6883.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_OpenOffice_org-6884.nasl - Type : ACT_GATHER_INFO
2011-01-21Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-100225.nasl - Type : ACT_GATHER_INFO
2010-11-07Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-221.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-1847.nasl - Type : ACT_GATHER_INFO
2010-07-01Name : The remote Fedora host is missing a security update.
File : fedora_2010-1941.nasl - Type : ACT_GATHER_INFO
2010-03-17Name : The remote SuSE system is missing a security patch for OpenOffice_org-base-dr...
File : suse_11_2_OpenOffice_org-base-drivers-postgresql-100216.nasl - Type : ACT_GATHER_INFO
2010-03-17Name : The remote SuSE system is missing a security patch for OpenOffice_org-base-dr...
File : suse_11_1_OpenOffice_org-base-drivers-postgresql-100211.nasl - Type : ACT_GATHER_INFO
2010-03-17Name : The remote SuSE system is missing a security patch for OpenOffice_org
File : suse_11_0_OpenOffice_org-100211.nasl - Type : ACT_GATHER_INFO
2010-03-16Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_OpenOffice_org-100226.nasl - Type : ACT_GATHER_INFO
2010-03-01Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_c97d7a37223311df96dd001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-02-25Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-903-1.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1995.nasl - Type : ACT_GATHER_INFO
2010-02-15Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2010-02-15Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0101.nasl - Type : ACT_GATHER_INFO
2010-02-12Name : The remote Windows host has a program affected by multiple buffer overflows.
File : openoffice_32.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:53:14
  • Multiple Updates