Debian DSA-2151-1 : openoffice.org - several vulnerabilities

High Nessus Plugin ID 51677

Synopsis

The remote Debian host is missing a security-related update.

Description

Several security related problems have been discovered in the OpenOffice.org package that allows malformed documents to trick the system into crashes or even the execution of arbitrary code.

 - CVE-2010-3450 During an internal security audit within Red Hat, a directory traversal vulnerability has been discovered in the way OpenOffice.org 3.1.1 through 3.2.1 processes XML filter files. If a local user is tricked into opening a specially crafted OOo XML filters package file, this problem could allow remote attackers to create or overwrite arbitrary files belonging to local user or, potentially, execute arbitrary code.

 - CVE-2010-3451 During his work as a consultant at Virtual Security Research (VSR), Dan Rosenberg discovered a vulnerability in OpenOffice.org's RTF parsing functionality. Opening a maliciously crafted RTF document can cause an out-of-bounds memory read into previously allocated heap memory, which may lead to the execution of arbitrary code.

 - CVE-2010-3452 Dan Rosenberg discovered a vulnerability in the RTF file parser which can be leveraged by attackers to achieve arbitrary code execution by convincing a victim to open a maliciously crafted RTF file.

 - CVE-2010-3453 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8ListManager::WW8ListManager() function of OpenOffice.org that allows a maliciously crafted file to cause the execution of arbitrary code.

 - CVE-2010-3454 As part of his work with Virtual Security Research, Dan Rosenberg discovered a vulnerability in the WW8DopTypography::ReadFromMem() function in OpenOffice.org that may be exploited by a maliciously crafted file which allows an attacker to control program flow and potentially execute arbitrary code.

 - CVE-2010-3689 Dmitri Gribenko discovered that the soffice script does not treat an empty LD_LIBRARY_PATH variable like an unset one, which may lead to the execution of arbitrary code.

 - CVE-2010-4253 A heap based buffer overflow has been discovered with unknown impact.

 - CVE-2010-4643 A vulnerability has been discovered in the way OpenOffice.org handles TGA graphics which can be tricked by a specially crafted TGA file that could cause the program to crash due to a heap-based buffer overflow with unknown impact.

Solution

Upgrade the OpenOffice.org packages.

For the stable distribution (lenny) these problems have been fixed in version 2.4.1+dfsg-1+lenny11.

For the upcoming stable distribution (squeeze) these problems have been fixed in version 3.2.1-11+squeeze1.

See Also

https://security-tracker.debian.org/tracker/CVE-2010-3450

https://security-tracker.debian.org/tracker/CVE-2010-3451

https://security-tracker.debian.org/tracker/CVE-2010-3452

https://security-tracker.debian.org/tracker/CVE-2010-3453

https://security-tracker.debian.org/tracker/CVE-2010-3454

https://security-tracker.debian.org/tracker/CVE-2010-3689

https://security-tracker.debian.org/tracker/CVE-2010-4253

https://security-tracker.debian.org/tracker/CVE-2010-4643

https://www.debian.org/security/2011/dsa-2151

Plugin Details

Severity: High

ID: 51677

File Name: debian_DSA-2151.nasl

Version: 1.18

Type: local

Agent: unix

Published: 2011/01/27

Updated: 2020/03/12

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:openoffice.org, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2011/01/26

Reference Information

CVE: CVE-2010-3450, CVE-2010-3451, CVE-2010-3452, CVE-2010-3453, CVE-2010-3454, CVE-2010-3689, CVE-2010-4253, CVE-2010-4643

DSA: 2151