Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200807-05
HistoryJul 09, 2008 - 12:00 a.m.

OpenOffice.org: User-assisted execution of arbitrary code

2008-07-0900:00:00
Gentoo Foundation
security.gentoo.org
12

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.087 Low

EPSS

Percentile

94.4%

JSON

Background

OpenOffice.org is an open source office productivity suite, including word processing, spreadsheet, presentation, drawing, data charting, formula editing, and file conversion facilities.

Description

Sean Larsson (iDefense Labs) reported an integer overflow in the function rtl_allocateMemory() in the file sal/rtl/source/alloc_global.c.

Impact

A remote attacker could entice a user to open a specially crafted document, possibly resulting in the remote execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All OpenOffice.org users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/openoffice-2.4.1"

All OpenOffice.org binary users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.4.1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-office/openoffice<Β 2.4.1UNKNOWN
Gentooanyallapp-office/openoffice-bin<Β 2.4.1UNKNOWN

Related

openvas 32
cve 2
nessus 15
securityvulns 2
prion 2
fedora 5
redhat 2
centos 2
seebug 1
veracode 1
ubuntucve 2
oraclelinux 1
openvas
openvas
OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability
2008-10-01 00:00:00
CentOS Update for openoffice.org2-base CESA-2008:0537 centos4 i386
2009-02-27 00:00:00
Fedora Update for openoffice.org FEDORA-2008-5143
2009-02-17 00:00:00
cve
cve
CVE-2008-2152
2008-06-10 18:32:00
CVE-2008-3282
2008-08-29 18:41:00
nessus
nessus
Fedora 9 : openoffice.org-2.4.1-17.3.fc9 (2008-5143)
2008-06-12 00:00:00
RHEL 4 / 5 : openoffice.org (RHSA-2008:0537)
2008-06-16 00:00:00
Scientific Linux Security Update : openoffice.org on SL5.x i386/x86_64
2012-08-01 00:00:00
securityvulns
securityvulns
iDefense Security Advisory 06.10.08: Multiple Vendor OpenOffice rtl_allocateMemory&#40;&#41; Integer Overflow Vulnerability
2008-06-10 00:00:00
OpenOffice integer overflow
2008-06-10 00:00:00
prion
prion
Integer overflow
2008-06-10 18:32:00
Integer overflow
2008-08-29 18:41:00
fedora
fedora
[SECURITY] Fedora 9 Update: openoffice.org-2.4.1-17.3.fc9
2008-06-11 04:39:18
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.15.fc8
2008-06-11 23:35:32
[SECURITY] Fedora 8 Update: openoffice.org-2.3.0-6.16.fc8
2008-09-10 07:24:03
redhat
redhat
(RHSA-2008:0537) Important: openoffice.org security update
2008-06-12 00:00:00
(RHSA-2008:0538) Important: openoffice.org security update
2008-06-12 00:00:00
centos
centos
openoffice.org2 security update
2008-06-27 10:26:05
openoffice.org security update
2008-06-14 08:53:15
seebug
seebug
OpenOffice rtl_allocateMemory()ε‡½ζ•°ε †ζΊ’ε‡ΊζΌζ΄ž
2008-06-14 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:31:56
ubuntucve
ubuntucve
CVE-2008-2152
2008-06-10 00:00:00
CVE-2008-3282
2008-08-29 00:00:00
oraclelinux
oraclelinux
openoffice.org security update
2008-06-13 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.087 Low

EPSS

Percentile

94.4%

JSON
Related for GLSA-200807-05
openvas32cve2nessus15securityvulns2prion2fedora5redhat2centos2seebug1veracode1ubuntucve2oraclelinux1