<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> <glsa id="200405-04"> <title>OpenOffice.org vulnerability when using DAV servers</title> <synopsis> Several format string vulnerabilities are present in the Neon library included in OpenOffice.org, allowing remote execution of arbitrary code when connected to an untrusted WebDAV server. </synopsis> <product type="ebuild">openoffice</product> <announced>2004-05-11</announced> <revised count="02">2004-10-27</revised> <bug>47926</bug> <access>remote</access> <affected> <package name="app-office/openoffice" auto="yes" arch="x86"> <unaffected range="ge">1.1.1-r1</unaffected> <vulnerable range="le">1.1.1</vulnerable> </package> <package name="app-office/openoffice" auto="yes" arch="ppc"> <unaffected range="ge">1.0.3-r2</unaffected> <vulnerable range="le">1.0.3-r1</vulnerable> </package> <package name="app-office/openoffice" auto="yes" arch="sparc"> <unaffected range="ge">1.1.0-r4</unaffected> <vulnerable range="le">1.1.0-r3</vulnerable> </package> <package name="app-office/openoffice-ximian" auto="yes" arch="*"> <unaffected range="ge">1.1.51-r1</unaffected> <vulnerable range="le">1.1.51</vulnerable> </package> <package name="app-office/openoffice-bin" auto="yes" arch="*"> <unaffected range="ge">1.1.2</unaffected> <vulnerable range="lt">1.1.2</vulnerable> </package> <package name="app-office/openoffice-ximian-bin" auto="no" arch="*"> <vulnerable range="le">1.1.52</vulnerable> </package> </affected> <background> <p> OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities. </p> </background> <description> <p> OpenOffice.org includes code from the Neon library in functions related to publication on WebDAV servers. This library is vulnerable to several format string attacks. </p> </description> <impact type="high"> <p> If you use the WebDAV publication and connect to a malicious WebDAV server, this server can exploit these vulnerabilities to execute arbitrary code with the rights of the user running OpenOffice.org. </p> </impact> <workaround> <p> As a workaround, you should not use the WebDAV publication facilities. </p> </workaround> <resolution> <p> There is no Ximian OpenOffice.org binary version including the fix yet. All users of the openoffice-ximian-bin package making use of the WebDAV openoffice-ximian source-based package. </p> <p> openoffice users on the x86 architecture should: </p> <code> # emerge sync # emerge -pv ">=app-office/openoffice-1.1.1-r1" # emerge ">=app-office/openoffice-1.1.1-r1"</code> <p> openoffice users on the sparc architecture should: </p> <code> # emerge sync # emerge -pv ">=app-office/openoffice-1.1.0-r3" # emerge ">=app-office/openoffice-1.1.0-r3"</code> <p> openoffice users on the ppc architecture should: </p> <code> # emerge sync # emerge -pv ">=app-office/openoffice-1.0.3-r1" # emerge ">=app-office/openoffice-1.0.3-r1"</code> <p> openoffice-ximian users should: </p> <code> # emerge sync # emerge -pv ">=app-office/openoffice-ximian-1.1.51-r1" # emerge ">=app-office/openoffice-ximian-1.1.51-r1"</code> <p> openoffice-bin users should: </p> <code> # emerge sync # emerge -pv ">=app-office/openoffice-bin-1.1.2" # emerge ">=app-office/openoffice-bin-1.1.2"</code> </resolution> <references> <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0179">CAN-2004-0179</uri> <uri link="https://www.gentoo.org/security/en/glsa/glsa-200405-01.xml">Neon vulnerabilities (GLSA 200405-01)</uri> </references> <metadata tag="submitter"> koon </metadata> </glsa>