[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sun] UPDATE: Schwachstelle in StarOffice/OpenOffice.org vor Version 2.3 - 102994
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
Liebe Kolleginnen und Kollegen,
soeben erreichte uns das nachfolgende Bulletin des SUN Customer Warning
System. Wir geben diese Informationen unveraendert an Sie weiter.
Bitte beachten Sie, dass dies ein Update des Advisories ist, das die
folgenden Aenderungen betrifft:
Mit diesem Update stellt Sun einen Patch fuer die Standalone-Version
von StarSuite 8 Impress unter Windows zur Verfuegung.
CVE-2007-2834 - Heap Overflow bein Bearbeiten von TIFF-Bildern in
OpenOffice
Bei Bearbeiten von TIFF-Bildern in OpenOffice/StarOffice wird ein
ungepruefter Wert aus einer Datenstruktur des TIFF-Bildes verwendet,
um eine entsprechende Anzahl von Bytes zu alloziieren. Als Folge
dieses Fehlers kann ein Heap Overflow ausgeloest werden. Ein Angreifer
kann diese Schwachstelle durch ein speziell konstruiertes TIFF-Bild
ausnutzen, um beliebige Befehle mit den Rechten des Benutzers
auszufuehren.
Betroffen sind die folgenden Software Pakete und Plattformen:
SPARC Plattform
* StarOffice/StarSuite 6.0 vor Patch 112885-09
* StarOffice/StarSuite 7 vor Patch 116519-15
* StarOffice 8 vor Patch 120185-12
* StarSuite 8 vor Patch 120189-12
x86 Platftorm
* StarOffice/StarSuite 6.0 vor Patch 112886-09
* StarOffice/StarSuite 7 vor Patch 117073-13
* StarOffice 8 vor Patch 120186-12
* StarSuite 8 vor Patch 120190-12
Linux Plattform
* StarOffice/StarSuite 6.0 vor Patch 112887-09
* StarOffice/StarSuite 7 vor Patch 116518-15
* StarSuite 8 vor Patch 120184-11
* StarOffice 8 vor Patch 120188-11
Windows Plattform
* StarOffice/StarSuite 6.0 vor Patch 112888-09
* StarOffice/StarSuite 7 vor Patch 116520-14
* StarOffice 8 vor Patch 120187-11
* StarSuite 8 vor Patch 120191-11
* StarSuite 8 Impress Standalone vor Patch 128021-01
Sun Solaris SPARC Plattform
Sun Solaris x86 Platftorm
Sun Linux Plattform
Windows Plattform
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Hersteller Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102994-1
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Andreas Bunten, DFN-CERT
- --
Andreas Bunten (CSIRT), +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Heidenkampsweg 41, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Sun(sm) Alert Notification
* Sun Alert ID: 102994
* Synopsis: Manipulated TIFF Files or Documents Containing Manipulated
TIFF Files May Lead to Heap Overflows and Arbitrary Code Execution
* Category: Security
* Product: StarOffice 7 Office Suite, StarOffice 6.0 Office Suite,
StarOffice 8 Office Suite
* BugIDs: 6571633
* Avoidance: Patch
* State: Resolved
* Date Released: 24-Sep-2007
* Date Closed:
* Date Modified: 16-Oct-2007
1. Impact
A security vulnerability with the way StarOffice/StarSuite 6, 7, and 8
process TIFF files may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.
Sun acknowledges with thanks, an anonymous researcher working with the
iDefense VCP (http://labs.idefense.com/vcp/).
This issue is also described in the following document:
* CVE CAN-2007-2834 at:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-2834
2. Contributing Factors
This issue can occur in the following releases:
SPARC Platform
* StarOffice/StarSuite 6.0 without patch 112885-09
* StarOffice/StarSuite 7 without patch 116519-15
* StarOffice 8 without patch 120185-12
* StarSuite 8 without patch 120189-12
x86 Platform
* StarOffice/StarSuite 6.0 without patch 112886-09
* StarOffice/StarSuite 7 without patch 117073-13
* StarOffice 8 without patch 120186-12
* StarSuite 8 without patch 120190-12
Linux Platform
* StarOffice/StarSuite 6.0 without patch 112887-09
* StarOffice/StarSuite 7 without patch 116518-15
* StarSuite 8 without patch 120188-11
* StarOffice 8 without patch 120184-11
Windows Platform
* StarOffice/StarSuite 6.0 without patch 112888-09
* StarOffice/StarSuite 7 without patch 116520-14
* StarOffice 8 without patch 120187-11
* StarSuite 8 without patch 120191-11
* StarSuite 8 Impress Standalone without patch 128021-01
Note: StarOffice/StarSuite earlier versions will not be evaluated regarding
this issue.
To determine the version of StarOffice/StarSuite installed on a system, the
following command can be run (for <program dir>/program/bootstraprc):
% grep Product bootstraprc
ProductKey=StarOffice 8
ProductPatch=(Product Update 5)
Or using the GUI, do the following (with StarOffice/StarSuite open):
1. Open the "Help" menu
2. Choose "About StarOffice" (StarSuite)
The version is displayed first in the "about" text.
3. Symptoms
There are no predictable symptoms that would indicate the described issue
has occurred.
Solution Summary Top
4. Relief/Workaround
There is no workaround. Please see the "Resolution" section below.
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* StarOffice/StarSuite 6.0 with patch 112885-09 or later
* StarOffice/StarSuite 7 with patch 116519-15 or later
* StarOffice 8 with patch 120185-12 or later
* StarSuite 8 with patch 120189-12 or later
x86 Platform
* StarOffice/StarSuite 6.0 with patch 112886-09 or later
* StarOffice/StarSuite 7 with patch 117073-13 or later
* StarOffice 8 with patch 120186-12 or later
* StarSuite 8 with patch 120190-12 or later
Linux Platform
* StarOffice/StarSuite 6.0 with patch 112887-09 or later
* StarOffice/StarSuite 7 with patch 116518-15 or later
* StarSuite 8 with patch 120188-11 or later
* StarOffice 8 with patch 120184-11 or later
Windows Platform
* StarOffice/StarSuite 6.0 with patch 112888-09 or later
* StarOffice/StarSuite 7 with patch 116520-14 or later
* StarOffice 8 with patch 120187-11 or later
* StarSuite 8 with patch 120191-11 or later
* StarSuite 8 Impress Standalone with patch 128021-01 or later
Change History
16-Oct-2007:
* Updated Contributing Factors and Resolution sections
This Sun Alert notification is being provided to you on an "AS IS" basis.
This Sun Alert notification may contain information provided by third
parties. The issues described in this Sun Alert notification may or may not
impact your system(s). Sun makes no representations, warranties, or
guarantees as to the information contained herein. ANY AND ALL WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT, ARE
HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT SUN SHALL
IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR
CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE
INFORMATION CONTAINED HEREIN. This Sun Alert notification contains Sun
proprietary and confidential information. It is being provided to you
pursuant to the provisions of your agreement to purchase services from Sun,
or, if you do not have such an agreement, the Sun.com Terms of Use. This Sun
Alert notification may only be used for the purposes contemplated by these
agreements.
Copyright 2000-2006 Sun Microsystems, Inc., 4150 Network Circle, Santa
Clara, CA 95054 U.S.A. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQEVAwUBRxXX+RYd1iQZmhQQAQHMOAf+L/HVrE6WnTNvCStlPmkheOfwDZt2fEfA
EblmB4FP2YaP+EGvrL90JowP85qhVLuCRot1tZEiWBPlcKo7W562MfbH6f/86Yz6
ubpRMdq8a3sJEadbcF8Ms32NV5aG+hj7fsew4WyMbCl7O41Tfq5PyySbQrXqFjHo
SrJkUXoTu9SBrYbCaz8iTU7wVMta5EG+0a/sMoCMzFxkanT4EHbrCQkUK2uz0tm/
sLPFPiVBHIEvGxfyjGhJn11lutGinewZaizHTZpxuLjP8c2fm97toUDgjSAK0RXo
PbaR6ycUDHXgnPKM1KmnkkaoXwRZNvHUSbOAfluqqar7z7pXkEPqWw==
=wMRl
-----END PGP SIGNATURE-----