-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200407-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: wv: Buffer overflow vulnerability
Date: July 14, 2004
Bugs: #56595
ID: 200407-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A buffer overflow vulnerability exists in the wv library that can allow
an attacker to execute arbitrary code with the privileges of the user
running the vulnerable application.

Background
==========

The wv library allows access to MS Word files. It can parse Word files
and allow other applications, such as abiword, to import those files
into their native formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  app-text/wv      < 1.0.0-r1                           >= 1.0.0-r1

Description
===========

A use of strcat without proper bounds checking leads to an exploitable
buffer overflow. The vulnerable code is executed when wv encounters an
unrecognized token, so a specially crafted file, loaded in wv, can
trigger the vulnerable code and execute its own arbitrary code. This
exploit is only possible when the user loads the document into HTML
view mode.
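
The bounds-checking failure described above, as an added example (not code
from wv or from this advisory): an unchecked strcat append beside a bounded
replacement that rejects an oversized token. The function names, the 32-byte
buffer and the sample tokens are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define OUT_CAP 32  /* assumed buffer size; not taken from wv */

/* Unsafe pattern: append with no length check. Shown for contrast only;
   nothing in this example calls it. */
void append_unchecked(char *out, const char *token)
{
    strcat(out, token);  /* writes past out[] when token does not fit */
}

/* Bounded replacement: append only if token plus its NUL fits in cap.
   Returns 0 on success, -1 if rejected (out is left unchanged). */
int append_checked(char *out, size_t cap, const char *token)
{
    const char *end = memchr(out, '\0', cap);
    if (end == NULL)
        return -1;                    /* out is not NUL-terminated */
    size_t used = (size_t)(end - out);
    size_t need = strlen(token);
    if (need >= cap - used)
        return -1;                    /* would overflow: reject */
    memcpy(out + used, token, need + 1);
    return 0;
}

/* Append every token in turn; returns how many were rejected. */
int build_output(char *out, size_t cap, const char **tokens, size_t n)
{
    int rejected = 0;
    out[0] = '\0';
    for (size_t i = 0; i < n; i++)
        if (append_checked(out, cap, tokens[i]) != 0)
            rejected++;
    return rejected;
}

int main(void)
{
    /* Constructed sample input: two short tokens and one oversized token. */
    const char *tokens[] = { "<b>",
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", "</b>" };
    char out[OUT_CAP];
    int rejected = build_output(out, sizeof out, tokens, 3);
    printf("out=\"%s\" rejected=%d\n", out, rejected);
    return 0;
}
```

Rejecting the token keeps the buffer intact; whether the caller then skips
the token or aborts the conversion is a policy choice left to the application.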

Impact
======

By inducing a user into running wv on a special file, an attacker can
execute arbitrary code with the permissions of the user running the
vulnerable program.

Workaround
==========

Users should not view untrusted documents with wvHtml or applications
using wv. When loading an untrusted document in an application using
the wv library, make sure HTML view is disabled.

Resolution
==========

All users should upgrade to the latest available version.

    # emerge sync

    # emerge -pv ">=app-text/wv-1.0.0-r1"
    # emerge ">=app-text/wv-1.0.0-r1"

References
==========

[ 1 ] iDEFENSE Security Advisory

http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200407-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/1.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA9RT1vcL1obalX08RAiUHAKCmkDewZavqjyfirY/GgPi9UM6mXgCgjmE6
qJEPha1AIIv9RGOWHYeH6Sw=
=abPc
-----END PGP SIGNATURE-----