Red Hat patch adds to OpenOffice vuln run
Red Hat has issued a security update covering multiple versions of the OpenOffice open-source productivity suite to address a flaw related to use of the software with its Red Hat Enterprise Linux 4 and Red Hat Enterprise Linux 5 operating systems.
Rated as "highly critical" by Secunia, the heap overflow flaw in the OpenOffice memory allocator could allow an attacker to remotely compromise unpatched end-user systems, Red Hat reported.
The Linux software maker ranked the issue as "important" and said that if a specially crafted file was opened by a victim using an unpatched system, an attacker could use the flaw to crash OpenOffice applications or, possibly, execute arbitrary code. Red Hat specifically credited researcher Sean Larsson for initially discovering the problem.
To address the vulnerability, Red Hat advised all affected users of OpenOffice to upgrade to updated versions of its OS software, which contain a back-ported fix to correct the issue. The update is available via Red Hat Network with additional details on the patch and vulnerability located here.
Last week, OpenOffice.org pushed out its own update for the memory allocation issue. Dubbed "highly critical" by the vendor, the vulnerability affects versions 2.0 to 2.4 of its productivity software.
According to the initial warning on the issue published by Secunia, the vulnerability could be used by an attacker to execute code on unpatched end-user systems via the use of manipulated document files. Secunia specifically said that the issue is related to an integer overflow error and can be exploited to cause heap-based buffer overflows via a specially crafted documents.
OpenOffice said that the vulnerability in the custom memory allocation function of its software may lead to heap overflows and allow a remote unprivileged user who lures users into opening their attacks to execute arbitrary commands on an affected system with the privileges of the user running OpenOffice.
The vendor said that it has not had any reports of actual exploitation of the problem.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.