OpenOffice.org: Heap overflow in included libcurl

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200603-25 / openoffice openoffice-bin
Release Date	March 27, 2006
Latest Revision	March 27, 2006: 01
Impact	normal
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
app-office/openoffice-bin	< 2.0.2	>= 2.0.2	All supported architectures
app-office/openoffice	< 2.0.1-r1	>= 2.0.1-r1	All supported architectures

Related bugreports: #126433

Synopsis

OpenOffice.org contains a vulnerable version of libcurl that may cause a heap overflow when parsing URLs.

2. Impact Information

Background

OpenOffice.org is an office productivity suite, including word processing, spreadsheet, presentation, data charting, formula editing and file conversion facilities. libcurl, which is included in OpenOffice.org, is a free and easy-to-use client-side library for transferring files with URL syntaxes, supporting numerous protocols.

Description

OpenOffice.org includes libcurl code. This libcurl code is vulnerable to a heap overflow when it tries to parse a URL that exceeds a 256-byte limit (GLSA 200512-09).

Impact

An attacker could entice a user to call a specially crafted URL with OpenOffice.org, potentially resulting in the execution of arbitrary code with the rights of the user running the application.

3. Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All OpenOffice.org binary users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-bin-2.0.2"

All OpenOffice.org users should upgrade to the latest version:

Code Listing 3.2: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/openoffice-2.0.1-r1"

4. References

Page updated March 27, 2006

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.