CVE-2007-2834HIGH
Description
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
References
http://bugs.gentoo.org/show_bug.cgi?id=192818
http://fedoranews.org/updates/FEDORA-2007-237.shtml
http://fedoranews.org/updates/FEDORA-2007-700.shtml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=593
http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00002.html
http://secunia.com/advisories/26816
http://secunia.com/advisories/26817
http://secunia.com/advisories/26839
http://secunia.com/advisories/26844
http://secunia.com/advisories/26855
http://secunia.com/advisories/26861
http://secunia.com/advisories/26891
http://secunia.com/advisories/26903
http://secunia.com/advisories/26912
http://secunia.com/advisories/27077
http://secunia.com/advisories/27087
http://secunia.com/advisories/27370
http://security.gentoo.org/glsa/glsa-200710-24.xml
http://securitytracker.com/id?1018702
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200190-1
http://www.debian.org/security/2007/dsa-1375
http://www.mandriva.com/security/advisories?name=MDKSA-2007:186
http://www.openoffice.org/security/cves/CVE-2007-2834.html
http://www.redhat.com/support/errata/RHSA-2007-0848.html
http://www.securityfocus.com/archive/1/479965/100/0/threaded
http://www.securityfocus.com/bid/25690
http://www.ubuntu.com/usn/usn-524-1
http://www.vupen.com/english/advisories/2007/3184
http://www.vupen.com/english/advisories/2007/3262
https://exchange.xforce.ibmcloud.com/vulnerabilities/36656
https://issues.rpath.com/browse/RPL-1740
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9967
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:3:*:*:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
OR
cpe:2.3:a:openoffice:openoffice:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:openoffice:openoffice:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:6.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:staroffice:7.0:*:*:*:*:*:*:*
Configuration 2
OR
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:as:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:es:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:3.0:*:ws:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:as:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:es:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:4.0:*:ws:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:client:*:*:*:*:*
cpe:2.3:o:redhat:fedora_core:6:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 107858 | Solaris 10 (x86) : 120190-23 | Nessus | Solaris Local Security Checks | high |
| 107857 | Solaris 10 (x86) : 120186-23 | Nessus | Solaris Local Security Checks | high |
| 107356 | Solaris 10 (sparc) : 120189-23 | Nessus | Solaris Local Security Checks | high |
| 107355 | Solaris 10 (sparc) : 120185-23 | Nessus | Solaris Local Security Checks | high |
| 67561 | Oracle Linux 3 / 4 : openoffice.org (ELSA-2007-0848) | Nessus | Oracle Linux Local Security Checks | high |
| 60251 | Scientific Linux Security Update : openoffice.org on SL5.x, SL4.x, SL3.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | high |
| 56500 | FreeBSD : openoffice -- arbitrary command execution vulnerability (e595e170-6771-11dc-8be8-02e0185f8d72) | Nessus | FreeBSD Local Security Checks | high |
| 29367 | SuSE 10 Security Update : OpenOffice (ZYPP Patch Number 4320) | Nessus | SuSE Local Security Checks | high |
| 28129 | Ubuntu 6.06 LTS / 6.10 / 7.04 : openoffice.org/-amd64 vulnerability (USN-524-1) | Nessus | Ubuntu Local Security Checks | high |
| 27771 | Fedora 7 : openoffice.org-2.2.1-18.2.fc7 (2007-2372) | Nessus | Fedora Local Security Checks | high |
| 27556 | GLSA-200710-24 : OpenOffice.org: Heap-based buffer overflow | Nessus | Gentoo Local Security Checks | high |
| 27140 | openSUSE 10 Security Update : OpenOffice_org (OpenOffice_org-4319) | Nessus | SuSE Local Security Checks | high |
| 26109 | RHEL 3 / 4 / 5 : openoffice.org (RHSA-2007:0848) | Nessus | Red Hat Local Security Checks | high |
| 26106 | Mandrake Linux Security Advisory : openoffice.org (MDKSA-2007:186) | Nessus | Mandriva Local Security Checks | high |
| 26082 | Fedora Core 6 : openoffice.org-2.0.4-5.5.24 (2007-700) | Nessus | Fedora Local Security Checks | high |
| 26078 | Debian DSA-1375-1 : openoffice.org - buffer overflow | Nessus | Debian Local Security Checks | high |
| 26074 | CentOS 3 / 4 / 5 : openoffice.org (CESA-2007:0848) | Nessus | CentOS Local Security Checks | high |
| 4216 | OpenOffice < 2.3 TIFF Parser Multiple Overflows | Nessus Network Monitor | Generic | medium |
| 26064 | Sun OpenOffice.org < 2.3 TIFF Parser Buffer Overflow Vulnerabilities | Nessus | Windows | high |
| 23617 | Solaris 5.9 (x86) : 120190-19 | Nessus | Solaris Local Security Checks | high |
| 23616 | Solaris 5.9 (x86) : 120186-19 | Nessus | Solaris Local Security Checks | high |
| 23558 | Solaris 5.9 (sparc) : 120189-19 | Nessus | Solaris Local Security Checks | high |
| 23557 | Solaris 5.9 (sparc) : 120185-19 | Nessus | Solaris Local Security Checks | high |
| 23468 | Solaris 5.8 (x86) : 120190-19 | Nessus | Solaris Local Security Checks | high |
| 23467 | Solaris 5.8 (x86) : 120186-19 | Nessus | Solaris Local Security Checks | high |
| 23420 | Solaris 5.8 (sparc) : 120189-19 | Nessus | Solaris Local Security Checks | high |
| 23419 | Solaris 5.8 (sparc) : 120185-19 | Nessus | Solaris Local Security Checks | high |
| 22994 | Solaris 5.10 (x86) : 120190-19 | Nessus | Solaris Local Security Checks | high |
| 22993 | Solaris 5.10 (x86) : 120186-19 | Nessus | Solaris Local Security Checks | high |
| 22961 | Solaris 5.10 (sparc) : 120189-19 | Nessus | Solaris Local Security Checks | high |
| 22960 | Solaris 5.10 (sparc) : 120185-19 | Nessus | Solaris Local Security Checks | high |