[gentoo-announce] [ GLSA 200407-11 ] wv: Buffer overflow vulnerability - gentoo-announce

From:	Thierry Carrez <koon@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200407-11 ] wv: Buffer overflow vulnerability
Date:	Wed, 14 Jul 2004 11:13:12
Message-Id:	`40F514F5.4070803@gentoo.org`

1

-----BEGIN PGP SIGNED MESSAGE-----

2

Hash: SHA1

3

4

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5

Gentoo Linux Security Advisory                           GLSA 200407-11

6

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

7

                                            http://security.gentoo.org/

8

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

9

10

  Severity: Normal

11

     Title: wv: Buffer overflow vulnerability

12

      Date: July 14, 2004

13

      Bugs: #56595

14

        ID: 200407-11

15

16

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

17

18

Synopsis

19

========

20

21

A buffer overflow vulnerability exists in the wv library that can allow

22

an attacker to execute arbitrary code with the privileges of the user

23

running the vulnerable application.

24

25

Background

26

==========

27

28

The wv library allows access to MS Word files. It can parse Word files

29

and allow other applications, such as abiword, to import those files

30

into their native formats.

31

32

Affected packages

33

=================

34

35

    -------------------------------------------------------------------

36

     Package      /   Vulnerable   /                        Unaffected

37

    -------------------------------------------------------------------

38

  1  app-text/wv      < 1.0.0-r1                           >= 1.0.0-r1

39

40

Description

41

===========

42

43

A use of strcat without proper bounds checking leads to an exploitable

44

buffer overflow. The vulnerable code is executed when wv encounters an

45

unrecognized token, so a specially crafted file, loaded in wv, can

46

trigger the vulnerable code and execute it's own arbitrary code. This

47

exploit is only possible when the user loads the document into HTML

48

view mode.

49

50

Impact

51

======

52

53

By inducing a user into running wv on a special file, an attacker can

54

execute arbitrary code with the permissions of the user running the

55

vulnerable program.

56

57

Workaround

58

==========

59

60

Users should not view untrusted documents with wvHtml or applications

61

using wv. When loading an untrusted document in an application using

62

the wv library, make sure HTML view is disabled.

63

64

Resolution

65

==========

66

67

All users should upgrade to the latest available version.

68

69

    # emerge sync

70

71

    # emerge -pv ">=app-text/wv-1.0.0-r1"

72

    # emerge ">=app-text/wv-1.0.0-r1"

73

74

References

75

==========

76

77

  [ 1 ] iDEFENSE Security Advisory

78

79

http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true

80

81

Availability

82

============

83

84

This GLSA and any updates to it are available for viewing at

85

the Gentoo Security Website:

86

87

    http://security.gentoo.org/glsa/glsa-200407-11.xml

88

89

Concerns?

90

=========

91

92

Security is a primary focus of Gentoo Linux and ensuring the

93

confidentiality and security of our users machines is of utmost

94

importance to us. Any security concerns should be addressed to

95

security@g.o or alternatively, you may file a bug at

96

http://bugs.gentoo.org.

97

98

License

99

=======

100

101

Copyright 2004 Gentoo Foundation, Inc; referenced text

102

belongs to its owner(s).

103

104

The contents of this document are licensed under the

105

Creative Commons - Attribution / Share Alike license.

106

107

http://creativecommons.org/licenses/by-sa/1.0

108

109

-----BEGIN PGP SIGNATURE-----

110

Version: GnuPG v1.2.4 (GNU/Linux)

111

Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

112

113

iD8DBQFA9RT1vcL1obalX08RAiUHAKCmkDewZavqjyfirY/GgPi9UM6mXgCgjmE6

114

qJEPha1AIIv9RGOWHYeH6Sw=

115

=abPc

116

-----END PGP SIGNATURE-----

1	-----BEGIN PGP SIGNED MESSAGE-----
2	Hash: SHA1
3
4	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
5	Gentoo Linux Security Advisory GLSA 200407-11
6	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
7	http://security.gentoo.org/
8	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
9
10	Severity: Normal
11	Title: wv: Buffer overflow vulnerability
12	Date: July 14, 2004
13	Bugs: #56595
14	ID: 200407-11
15
16	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
17
18	Synopsis
19	========
20
21	A buffer overflow vulnerability exists in the wv library that can allow
22	an attacker to execute arbitrary code with the privileges of the user
23	running the vulnerable application.
24
25	Background
26	==========
27
28	The wv library allows access to MS Word files. It can parse Word files
29	and allow other applications, such as abiword, to import those files
30	into their native formats.
31
32	Affected packages
33	=================
34
35	-------------------------------------------------------------------
36	Package / Vulnerable / Unaffected
37	-------------------------------------------------------------------
38	1 app-text/wv < 1.0.0-r1 >= 1.0.0-r1
39
40	Description
41	===========
42
43	A use of strcat without proper bounds checking leads to an exploitable
44	buffer overflow. The vulnerable code is executed when wv encounters an
45	unrecognized token, so a specially crafted file, loaded in wv, can
46	trigger the vulnerable code and execute it's own arbitrary code. This
47	exploit is only possible when the user loads the document into HTML
48	view mode.
49
50	Impact
51	======
52
53	By inducing a user into running wv on a special file, an attacker can
54	execute arbitrary code with the permissions of the user running the
55	vulnerable program.
56
57	Workaround
58	==========
59
60	Users should not view untrusted documents with wvHtml or applications
61	using wv. When loading an untrusted document in an application using
62	the wv library, make sure HTML view is disabled.
63
64	Resolution
65	==========
66
67	All users should upgrade to the latest available version.
68
69	# emerge sync
70
71	# emerge -pv ">=app-text/wv-1.0.0-r1"
72	# emerge ">=app-text/wv-1.0.0-r1"
73
74	References
75	==========
76
77	[ 1 ] iDEFENSE Security Advisory
78
79	http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true
80
81	Availability
82	============
83
84	This GLSA and any updates to it are available for viewing at
85	the Gentoo Security Website:
86
87	http://security.gentoo.org/glsa/glsa-200407-11.xml
88
89	Concerns?
90	=========
91
92	Security is a primary focus of Gentoo Linux and ensuring the
93	confidentiality and security of our users machines is of utmost
94	importance to us. Any security concerns should be addressed to
95	security@g.o or alternatively, you may file a bug at
96	http://bugs.gentoo.org.
97
98	License
99	=======
100
101	Copyright 2004 Gentoo Foundation, Inc; referenced text
102	belongs to its owner(s).
103
104	The contents of this document are licensed under the
105	Creative Commons - Attribution / Share Alike license.
106
107	http://creativecommons.org/licenses/by-sa/1.0
108
109	-----BEGIN PGP SIGNATURE-----
110	Version: GnuPG v1.2.4 (GNU/Linux)
111	Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
112
113	iD8DBQFA9RT1vcL1obalX08RAiUHAKCmkDewZavqjyfirY/GgPi9UM6mXgCgjmE6
114	qJEPha1AIIv9RGOWHYeH6Sw=
115	=abPc
116	-----END PGP SIGNATURE-----

Gentoo Archives: gentoo-announce