oss-sec mailing list archives
Re: OpenOffice.org CVE-2009-2139
From: Thomas Biege <thomas () suse de>
Date: Thu, 10 Sep 2009 13:12:22 +0200
Hi, there was a thread about it on vendor-sec some month ago. Here are the two descriptions from Petr: CVE-2009-2139 Manipulated EMF files can lead to heap overflows and arbitrary code execution * Synopsis: Manipulated EMF files can lead to heap overflows and arbitrary code execution * State: Resolved 1. Impact A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org/Go-oo. No working exploit is known right now. 2. Affected releases The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo), version 2.1. It was fixed in the version 3.0.1. The original OpenOffice.org builds, available from http://www.openoffice.org/, were not affected. 3. Symptoms There are no predictable symptoms that would indicate this issue has occurred 4. Relief/Workaround There is no workaround. See "Resolution" below. 5. Resolution This issue is addressed in the following release: OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1 Note: The original OpenOffice.org builds, available from http://www.openoffice.org/, were newer affected by this vulnerability. 6. Comments The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found and fixed by ooo-build (Go-oo) developers. And: CVE-2009-2140 Manipulated EMF+ files can lead to heap overflows and arbitrary code execution * Synopsis: Manipulated EMF+ files can lead to heap overflows and arbitrary code execution * State: Resolved 1. Impact A security vulnerability with the way OpenOffice/Go-oo 2.x and 3.x process EMF+ files may allow a remote unprivileged user who provides an OpenOffice.org/Go-oo document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org/Go-oo. No working exploit is known right now. 2. Affected releases The problem was introduced in OpenOffice.org release, based on ooo-build (Go-oo), version 2.3.1. It was fixed in the version 3.0.1. Only the builds supporting EMF+ import (applying EMFPlus patchset) were affected. The original OpenOffice.org builds, available from http://www.openoffice.org/, were newer affected. 3. Symptoms There are no predictable symptoms that would indicate this issue has occurred 4. Relief/Workaround There is no workaround. See "Resolution" below. 5. Resolution This issue is addressed in the following release: OpenOffice.org, based on ooo-build (Go-oo), version 3.0.1 Note: The original OpenOffice.org builds, available from http://www.openoffice.org/, were newer affected by this vulnerability. 6. Comments The issue is similar to CVE-2008-2238. The ooo-build-specific variant was found and fixed by ooo-build (Go-oo) developers. On Wed, Sep 09, 2009 at 09:12:40PM +0200, Tomas Hoger wrote:
Hi! Does anyone have more info on CVE-2009-2139 besides Debian advisory? http://www.debian.org/security/2009/dsa-1880 -- Tomas Hoger / Red Hat Security Response Team
-- Bye, Thomas -- Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) -- Wer aufhoert besser werden zu wollen, hoert auf gut zu sein. -- Marie von Ebner-Eschenbach
Current thread:
- OpenOffice.org CVE-2009-2139 Tomas Hoger (Sep 09)
- Re: OpenOffice.org CVE-2009-2139 Thomas Biege (Sep 10)
- Re: OpenOffice.org CVE-2009-2139 Tomas Hoger (Sep 10)
- Re: OpenOffice.org CVE-2009-2139 Tomas Hoger (Sep 11)
- Re: OpenOffice.org CVE-2009-2139 Steven M. Christey (Sep 21)
- Re: OpenOffice.org CVE-2009-2139 Marcus Meissner (Sep 22)
- Re: OpenOffice.org CVE-2009-2139 Tomas Hoger (Sep 10)
- Re: OpenOffice.org CVE-2009-2139 Thomas Biege (Sep 10)