5.1 - RHSA-2005:375

Executive Summary

Summary
Title	openoffice.org security update

Informations
Name	RHSA-2005:375	First vendor Publication	2005-04-25
Vendor	RedHat	Last vendor Modification	2005-04-25
Severity (Vendor)	Important	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score	5.1	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	High
Cvss Expoit Score	4.9	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated openoffice.org packages are now available.

This update has been rated as having important security impact by the Red Hat Security Response Team.

2. Problem description:

OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program.

A heap based buffer overflow bug was found in the OpenOffice.org DOC file processor. An attacker could create a carefully crafted DOC file in such a way that it could cause OpenOffice.org to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0941 to this issue.

All users of OpenOffice.org are advised to upgrade to these updated packages, which contain backported fixes for these issues.

3. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

4. Bug IDs fixed (http://bugzilla.redhat.com/):

154540 - CAN-2005-0941 openoffice.org heap overflow

5. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm 28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

i386: 3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm 2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

x86_64: 3fb7f2cc17fdbac1690731032438fa2a openoffice.org-1.1.2-24.2.0.EL3.i386.rpm 2e5336c39975c611ffa23145d9985dbb openoffice.org-i18n-1.1.2-24.2.0.EL3.i386.rpm afa55ff288e8fa052fada08cc0a56235 openoffice.org-libs-1.1.2-24.2.0.EL3.i386.rpm

Red Hat Desktop version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm 28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm 28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/openoffice.org-1.1.2-24.2.0.EL3.src.rpm 28b62078a887294f683d0ef33c4fb7d8 openoffice.org-1.1.2-24.2.0.EL3.src.rpm

Red Hat Enterprise Linux AS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm 782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

i386: 700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm 9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm 93e50067e6aa036fb4356846b61d730e openoffice.org-kde-1.1.2-24.6.0.EL4.i386.rpm fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

ppc: 9f9b16a868bac28eea5ae035a41da178 openoffice.org-1.1.2-24.6.0.EL4.ppc.rpm 0bb909a3756f7256d5016cb4e8135906 openoffice.org-i18n-1.1.2-24.6.0.EL4.ppc.rpm 92b028f02db5c193274486119c9ec763 openoffice.org-kde-1.1.2-24.6.0.EL4.ppc.rpm 02e37584c158d993c83d72dfbdc4f265 openoffice.org-libs-1.1.2-24.6.0.EL4.ppc.rpm

x86_64: 700fc3a6036a9206f31bd7d9ac7db80c openoffice.org-1.1.2-24.6.0.EL4.i386.rpm 9dc5d0f31383ea144f216c7bfe18efa2 openoffice.org-i18n-1.1.2-24.6.0.EL4.i386.rpm fb4760c12f39bdea783d35ddecdf7ff7 openoffice.org-libs-1.1.2-24.6.0.EL4.i386.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm 782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm 782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/openoffice.org-1.1.2-24.6.0.EL4.src.rpm 782df44227035bdae27f4d5b82548244 openoffice.org-1.1.2-24.6.0.EL4.src.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2005-375.html

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:9106

Oval ID:	oval:org.mitre.oval:def:9106
Title:	The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
Description:	The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2005-0941	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section openoffice.org-libs is earlier than 0:1.1.2-24.2.0.EL3 AND openoffice.org is earlier than 0:1.1.2-24.2.0.EL3 AND openoffice.org-i18n is earlier than 0:1.1.2-24.2.0.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section openoffice.org-libs is earlier than 0:1.1.2-24.6.0.EL4 AND openoffice.org is earlier than 0:1.1.2-24.6.0.EL4 AND openoffice.org-kde is earlier than 0:1.1.2-24.6.0.EL4 AND openoffice.org-i18n is earlier than 0:1.1.2-24.6.0.EL4

CPE : Common Platform Enumeration

Type	Description	Count
Application	Openoffice cpe:2.3:a:openoffice:openoffice:1.1.4:::::::* cpe:2.3:a:openoffice:openoffice:1.1.3:::::::* cpe:2.3:a:openoffice:openoffice:1.1.2:::::::* cpe:2.3:a:openoffice:openoffice:1.1.1:::::::* cpe:2.3:a:openoffice:openoffice:1.1.0:::::::* cpe:2.3:a:openoffice:openoffice:1.0.2:::::::* cpe:2.3:a:openoffice:openoffice:1.0.1:::::::*	7

OpenVAS Exploits

Date	Description
2008-09-24	Name : Gentoo Security Advisory GLSA 200504-13 (OpenOffice) File : nvt/glsa_200504_13.nasl
2008-09-04	Name : openoffice -- DOC document heap overflow vulnerability File : nvt/freebsd_openoffice.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
15491	OpenOffice.org (OOo) DOC Processing StgCompObjStream::Load() Function Overflow

Nessus® Vulnerability Scanner

Date	Description
2006-07-03	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-375.nasl - Type : ACT_GATHER_INFO
2006-01-15	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-121-1.nasl - Type : ACT_GATHER_INFO
2005-09-12	Name : The remote Fedora Core host is missing a security update. File : fedora_2005-316.nasl - Type : ACT_GATHER_INFO
2005-07-13	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b206dd82ac6711d9a7880001020eed82.nasl - Type : ACT_GATHER_INFO
2005-05-11	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-082.nasl - Type : ACT_GATHER_INFO
2005-04-25	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-375.nasl - Type : ACT_GATHER_INFO
2005-04-19	Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2005_025.nasl - Type : ACT_GATHER_INFO
2005-04-16	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200504-13.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:49:17	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	1
CPE ID(s)	7
osvdb(s)	1
Openvas Exploit(s)	2
Nessus® Exploit(s)	8

	Related
5.1	CVE-2005-0941
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 1 more Alert(s)

5.1 - RHSA-2005:375

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU