what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

CVE-2008-2152

Status Candidate

Overview

Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.

Related Files

Mandriva Linux Security Advisory 2008-138
Posted Jul 15, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue. The OpenOffice.org package for Mandriva Corporate 3 missed the patch application due to a build error. This update fixes that.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2152
SHA-256 | cba8ef6fe369d68f51876e63cd4e84efabd1b52022f827bc2ffa123464041e03
Gentoo Linux Security Advisory 200807-5
Posted Jul 10, 2008
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200807-05 - Sean Larsson (iDefense Labs) reported an integer overflow in the function rtl_allocateMemory() in the file sal/rtl/source/alloc_global.c. Versions less than 2.4.1 are affected.

tags | advisory, overflow
systems | linux, gentoo
advisories | CVE-2008-2152
SHA-256 | 56902be5c5e213a71bea6f352a05ba6fb8539b4595fbd903b4dd774ddbc86008
Mandriva Linux Security Advisory 2008-138
Posted Jul 10, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. The updated packages have been patched to fix the issue.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2152
SHA-256 | 69a05877ce4c258e785661f38b80ef520fc3ed2e12a8ab6d59fbfaaf1add6306
Mandriva Linux Security Advisory 2008-137
Posted Jul 10, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. Also, according to bug #38874 decimal numbers on Hebrew documents would appear as Arabic characters. Another issue (#39799) is with (Tools -> Options -> OpenOffice.org Writer -> General). Even setting to centimeters on (Indent & Spacing) option it shows as characters (ch) on (Indents & Spacing) configuration on the menu: (Format -> Paragraph -> Indents & Spacing). Moreover, a document holding Notes edited on Microsoft Office would not show when opened with OpenOffice. These and a number of other OpenOffice.org issues were fixed by the new version provided in this update.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2152
SHA-256 | 2e84c6d73a917e36aa0188a5765a22864416f5aacac8012f5275526bd414ff8b
iDEFENSE Security Advisory 2008-06-10.1
Posted Jun 10, 2008
Authored by iDefense Labs, Sean Larsson | Site idefense.com

iDefense Security Advisory 06.10.08 - Remote exploitation of an integer overflow vulnerability in OpenOffice, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists due to the rtl_allocateMemory() function rounding up allocation requests to be aligned on an 8 byte boundary without checking if this rounding results in an integer overflow condition. iDefense has confirmed the existence of this vulnerability in OpenOffice version 2.4. Previous versions may also be affected.

tags | advisory, remote, overflow, arbitrary
advisories | CVE-2008-2152
SHA-256 | 15340a7bbc8dd9478c22d89f115c6bb4901e3af89d82ce430bfc983d69017778
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close