From owner-freebsd-vuxml@FreeBSD.ORG Tue Nov 25 21:16:01 2008 Return-Path: Delivered-To: freebsd-vuxml@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1EEBA106564A for ; Tue, 25 Nov 2008 21:16:01 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) Received: from 0.mx.codelabs.ru (0.mx.codelabs.ru [144.206.177.45]) by mx1.freebsd.org (Postfix) with ESMTP id C73C88FC1E for ; Tue, 25 Nov 2008 21:16:00 +0000 (UTC) (envelope-from rea-fbsd@codelabs.ru) DomainKey-Signature: a=rsa-sha1; q=dns; c=simple; s=one; d=codelabs.ru; h=Received:To:Subject:From:Reply-To:Cc:X-send-pr-version:X-GNATS-Notify:Message-Id:Date; b=PZnlwJqD+XZ4snjTdpGx7KFUP5joPVYp70stMQkt7aAwKfi/nQYHfAsfwCkxnT3s4/cGBOtOhp0FdGu51Vo0PQonE7hunZvOMp7uS6FU5MKrJDpz43iJPRgqO3VVJuEEt42woFMjpeRMJ+4n1RULJYo0/JatWctgJWvLjQfnxf0=; Received: from phoenix.codelabs.ru (ppp91-78-117-2.pppoe.mtu-net.ru [91.78.117.2]) by 0.mx.codelabs.ru with esmtps (TLSv1:CAMELLIA256-SHA:256) id 1L552f-000Och-SB; Wed, 26 Nov 2008 00:01:53 +0300 To: FreeBSD-gnats-submit@freebsd.org From: Eygene Ryabinkin X-send-pr-version: 3.113 X-GNATS-Notify: maho@freebsd.org, openoffice@freebsd.org Message-Id: <20081125210153.2B4B2F181D@phoenix.codelabs.ru> Date: Wed, 26 Nov 2008 00:01:53 +0300 (MSK) X-Mailman-Approved-At: Tue, 25 Nov 2008 21:16:45 +0000 Cc: freebsd-vuxml@freebsd.org Subject: [vuxml] editors/openoffice.org-2: document CVE-2008-2237 and CVE-2008-2238 X-BeenThere: freebsd-vuxml@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Eygene Ryabinkin List-Id: Documenting security issues in VuXML List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Nov 2008 21:16:01 -0000 >Submitter-Id: current-users >Originator: Eygene Ryabinkin >Organization: Code Labs >Confidential: no >Synopsis: [vuxml] editors/openoffice.org-2: document CVE-2008-2237 and CVE-2008-2238 >Severity: serious >Priority: high >Category: ports >Class: sw-bug >Release: FreeBSD 7.1-PRERELEASE i386 >Environment: System: FreeBSD 7.1-PRERELEASE i386 >Description: WMS/EMF processing flaws were found in the openoffice.org 2.x: http://www.securityfocus.com/bid/31962 >How-To-Repeat: Look at http://www.securityfocus.com/bid/31962 http://www.openoffice.org/security/cves/CVE-2008-2237.html http://www.openoffice.org/security/cves/CVE-2008-2238.html >Fix: Since 2.4.2 is in the tree, there is no point to upgrade any ports. I believe that openoffice-2-RC and openoffice-2-devel are vulnerable too, because vendor says about affected releases "All versions prior to OpenOffice.org 2.4.2". The following VuXML entry should be evaluated and added: --- vuln.xml begins here --- openoffice -- arbitrary code execution by processing crafted EMF/WMF files openoffice.org 2.42.4.2 2.4.20040402

Vendor notifies:

A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.

A security vulnerability with the way OpenOffice 2.x process EMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running StarOffice/StarSuite. No working exploit is known right now.

 http://www.openoffice.org/security/cves/CVE-2008-2237.html http://www.openoffice.org/security/cves/CVE-2008-2238.html CVE-2008-2237 CVE-2008-2238 31962 2008-10-29 today --- vuln.xml ends here --- I hope that the version specification catches all openoffice 2.x with x < 4.2 as well as -RC and -devel versions.