[CVE-2008-2152] Integer overflow in rtl_allocateMemory() in OpenOffice.org

Bug #238925 reported by Till Ulen
Affects: openoffice.org (Ubuntu)
Status: Invalid
Importance: Undecided
Assigned to: Kees Cook
Milestone: none

Bug Description

Binary package hint: openoffice.org

CVE-2008-2152 description:

"A security vulnerability in the custom memory allocation function from OpenOffice.org may lead to heap overflows and allow a remote unprivileged user who provides an OpenOffice.org document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running OpenOffice.org. [...]

Affected releases
All versions between OpenOffice.org 2.0 and 2.4 inclusive."

http://www.openoffice.org/security/cves/CVE-2008-2152.html

See also: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
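An added illustration in C, not the OpenOffice.org code and not a reproduction of the exact rtl_allocateMemory() arithmetic: a custom allocator of the kind the description refers to, which prepends a bookkeeping header and rounds each request up to an alignment boundary, shown beside the check that rejects a request whose padded size would wrap. The header size, alignment and function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Constructed example: a custom allocator that stores a bookkeeping header
 * in front of each block and rounds the request up to ALIGN. Header size and
 * alignment are assumed values; this is not the rtl_allocateMemory() code. */
#define ALIGN 16u
#define HDR   16u

/* Unchecked variant: for a request close to SIZE_MAX the padded size wraps
 * around, so the allocator reserves a tiny block while the caller believes it
 * owns n bytes; the first write into the block then overflows the heap. */
size_t unchecked_block_size(size_t n) {
    return (n + HDR + ALIGN - 1) & ~(size_t)(ALIGN - 1);
}

/* Hardened variant: refuse any request whose padded size is not representable.
 * Returns 0 on overflow, which is never a valid size because HDR is always
 * included. */
size_t checked_block_size(size_t n) {
    if (n > SIZE_MAX - HDR - (ALIGN - 1))
        return 0;  /* would wrap; report an ENOMEM-style failure instead */
    return (n + HDR + ALIGN - 1) & ~(size_t)(ALIGN - 1);
}

/* Allocator front-end built on the checked computation: NULL instead of an
 * undersized block. The header lives in the first HDR bytes. */
void *safe_allocate(size_t n) {
    size_t total = checked_block_size(n);
    unsigned char *base;
    if (total == 0)
        return NULL;
    base = malloc(total);
    return base ? base + HDR : NULL;
}

void safe_free(void *p) { if (p) free((unsigned char *)p - HDR); }

/* Allocate n bytes, touch the last byte the caller is entitled to, release. */
int alloc_roundtrip(size_t n) {
    unsigned char *p = safe_allocate(n);
    if (!p)
        return 0;
    if (n > 0)
        p[n - 1] = 0xAA;  /* in bounds: the block really holds n bytes */
    safe_free(p);
    return 1;
}
```

A build that hands requests straight to the system allocator (the --with-alloc=system configuration discussed below) never runs this kind of padding arithmetic, which is why those builds were triaged as not affected.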

Chris Cheney (ccheney) wrote :

As I understand it we are not actually vulnerable to this overflow, but I will be looking into the issue further tomorrow (Jun 11) to verify for certain.

Thanks!

Chris Cheney

Chris Cheney (ccheney) wrote :

From the Debian maintainer:
02:00 < _rene_> that's rtl_AllocateMemory? no, doesn't affect us
02:00 < _rene_> we build --with-alloc=system
02:00 < _rene_> if you don't use that, you are affected, though
02:01 < _rene_> and you probably build with --with-alloc=system since it's in
                Common.conf in ooo-build (-> everyone gets it unless (s)he
                overrides it)
===
dapper - ?
feisty - not affected
gutsy - not affected
hardy - not affected
intrepid - not affected

I need to verify dapper isn't affected by looking at a build log and launchpad doesn't have build logs that far back. So I will have to see what it does when I try to build it locally.

Chris

Kees Cook (kees) wrote :

From the dapper builds I did during the last security update, it's in there, so dapper is not affected either:

$(CONFIGURE_FLAGS) is --disable-post-install-scripts --with-tag=oob680-m5 --with-system-gcc --with-distro=Ubuntu --with-vendor=Debian --enable-package-directories --with-installed-ooo-dirname=openoffice --mandir=/usr/share/man --with-lang=en-US -x-libraries=/usr/lib --with-build-version=openoffice.org 2.0.2-2ubuntu12.6, Tue Apr 22 15:53:39 PDT 2008 --disable-strip --with-alloc=system --enable-atkbridge --enable-lockdown --with-binsuffix=no --with-java=gij --with-jdk-home=/usr/lib/jvm/java-gcj --with-system-xt --with-system-xerces --with-system-xalan --with-system-xml-apis --with-firefox --disable-mono --with-stlport4=/build/kees/openoffice.org-2.0.2/stlport4 --with-system-boost --with-system-portaudio --with-system-libwpd --with-system-icu --with-system-xmlsec --with-system-cairo --with-system-mdbtools --enable-binfilter --with-system-hsqldb --with-system-beanshell --with-gcc-speedup=ccache --enable-symbols=SMALL --with-num-cpus=5

Kees Cook (kees) wrote :

Thanks for checking the others, I'll update the CVE tracker.

Changed in openoffice.org:
assignee: nobody → kees
status: New → Invalid
Chris Cheney (ccheney) wrote :

Thanks for checking the dapper build!

Chris
