Buffer overflow : OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800009

Categoría: Buffer overflow

Título: OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability

Resumen: The host has OpenOffice installed which is prone to heap based; buffer overflow vulnerability.

Descripción: Summary:
The host has OpenOffice installed which is prone to heap based
buffer overflow vulnerability.

Vulnerability Insight:
The flaw is in alloc_global.c file in which rtl_allocateMemory function
rounding up allocation requests to be aligned on a 8 byte boundary without
checking the rounding results, in an integer overflow condition.

Vulnerability Impact:
Exploitation will result in buffer overflows via a specially crafted document
and allow remote unprivileged user who provides a OpenOffice.org document that
is opened by a local user to execute arbitrary commands on the system with the
privileges of the user running OpenOffice.org.

Affected Software/OS:
OpenOffice.org 2.x on Windows (Any).

Solution:
Upgrade to OpenOffice 2.4.1 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 29622
Common Vulnerability Exposure (CVE) ID: CVE-2008-2152
http://www.securityfocus.com/bid/29622
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html
http://security.gentoo.org/glsa/glsa-200807-05.xml
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
http://www.mandriva.com/security/advisories?name=MDVSA-2008:137
http://www.mandriva.com/security/advisories?name=MDVSA-2008:138
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787
http://www.redhat.com/support/errata/RHSA-2008-0537.html
http://www.redhat.com/support/errata/RHSA-2008-0538.html
http://www.securitytracker.com/id?1020219
http://secunia.com/advisories/30599
http://secunia.com/advisories/30633
http://secunia.com/advisories/30634
http://secunia.com/advisories/30635
http://secunia.com/advisories/31029
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1
http://www.vupen.com/english/advisories/2008/1773
http://www.vupen.com/english/advisories/2008/1804/references
XForce ISS Database: openoffice-rtlallocatememory-bo(42957)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42957

Copyright Copyright (C) 2008 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800009
Categoría:	Buffer overflow
Título:	OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability
Resumen:	The host has OpenOffice installed which is prone to heap based; buffer overflow vulnerability.
Descripción:	Summary: The host has OpenOffice installed which is prone to heap based buffer overflow vulnerability. Vulnerability Insight: The flaw is in alloc_global.c file in which rtl_allocateMemory function rounding up allocation requests to be aligned on a 8 byte boundary without checking the rounding results, in an integer overflow condition. Vulnerability Impact: Exploitation will result in buffer overflows via a specially crafted document and allow remote unprivileged user who provides a OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. Affected Software/OS: OpenOffice.org 2.x on Windows (Any). Solution: Upgrade to OpenOffice 2.4.1 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 29622 Common Vulnerability Exposure (CVE) ID: CVE-2008-2152 http://www.securityfocus.com/bid/29622 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html http://security.gentoo.org/glsa/glsa-200807-05.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714 http://www.mandriva.com/security/advisories?name=MDVSA-2008:137 http://www.mandriva.com/security/advisories?name=MDVSA-2008:138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787 http://www.redhat.com/support/errata/RHSA-2008-0537.html http://www.redhat.com/support/errata/RHSA-2008-0538.html http://www.securitytracker.com/id?1020219 http://secunia.com/advisories/30599 http://secunia.com/advisories/30633 http://secunia.com/advisories/30634 http://secunia.com/advisories/30635 http://secunia.com/advisories/31029 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1 http://www.vupen.com/english/advisories/2008/1773 http://www.vupen.com/english/advisories/2008/1804/references XForce ISS Database: openoffice-rtlallocatememory-bo(42957) https://exchange.xforce.ibmcloud.com/vulnerabilities/42957
Copyright	Copyright (C) 2008 Greenbone Networks GmbH