openoffice-commits mailing list archives

From mar...@apache.org
Subject svn commit: r1753610 - /openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
Date Wed, 20 Jul 2016 21:19:48 GMT
Author: marcus
Date: Wed Jul 20 21:19:48 2016
New Revision: 1753610

URL: http://svn.apache.org/viewvc?rev=1753610&view=rev
Log:
Added new advisory for CVE-2016-1513

Added:
    openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html   (with props)

Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
URL: http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html?rev=1753610&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html Wed Jul 20 21:19:48
2016
@@ -0,0 +1,152 @@
+
+<!DOCTYPE html>
+<html>
+    <head>
+        <title>CVE-2016-1513</title>
+        <style type="text/css"></style>
+    </head>
+
+    <body>
+    <!-- These were previously defined as XHTML pages. The current wrapping for the site
+         introduces HTML5 headers and formats. This version is modified to match the
+         wrapping that is done as part of publishing this page and not rely on any
+         particular styling beyond <p>.
+    -->
+
+        <p>
+          <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513">
+          CVE-2016-1513</a>
+        </p>
+
+        <p>
+          <a href="http://www.openoffice.org/security/cves/CVE-2016-1513.html">
+          Apache OpenOffice Advisory</a>
+        </p>
+
+        <p>
+          <strong>Memory Corruption Vulnerability (Impress Presentations)</strong>
+        </p>
+
+        <p>
+          <strong>Version 1.0</strong>
+        </p>
+
+        <p>
+          Announced July 21, 2016
+        </p>
+
+        <p>
+          <strong>Summary</strong>
+        </p>
+
+        <p>
+          An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain
invalid presentation elements that lead to memory corruption when the document is loaded in
Apache OpenOffice Impress. The defect may cause the document to appear as corrupted and OpenOffice
may crash in a recovery-stuck mode requiring manual intervention. A crafted exploitation of
the defect can allow an attacker to cause denial of service (memory corruption and application
crash) and possible execution of arbitrary code.
+        </p>
+
+        <p>
+          <strong>Severity: Medium</strong>
+        </p>
+
+        <p>There are no known exploits of this vulnerabilty.<br />
+          A proof-of-concept demonstration exists.
+        </p>
+
+        <p>
+          <strong>Vendor: The Apache Software Foundation</strong>
+        </p>
+
+        <p>
+          <strong>Versions Affected</strong>
+        </p>
+
+        <p>
+          All Apache OpenOffice versions 4.1.2 and older are affected.<br />
+          OpenOffice.org versions are also affected.
+        </p>
+
+        <p>
+          <strong>Mitigation</strong>
+        </p>
+
+        <p>
+          There is no updated download currently available to mitigate this vulnerability.
 Until a hot fix or maintenance release is available, users should be vigilant and employ
workarounds.
+          <br /><br />
+          A source-code patch that blocks the vulnerability has been developed and is available
for developers at <a href="https://bz.apache.org/ooo/show_bug.cgi?id=127045">issue 127045</a>.
+          <br /><br />
+          Antivirus can detect documents attempting to exploit this vulnerability by employing
Snort Signature IDs 35828-35829.
+        </p>
+
+        <p>
+          <strong>Description</strong>
+        </p>
+
+        <p>
+          An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain
invalid presentation elements that lead to memory corruption when the document is loaded in
Apache OpenOffice Impress. The defect may cause the document to appear as corrupted. OpenOffice
may simply close or crash, possibly in a recovery-stuck mode requiring manual intervention,
including removal of any document lock.
+          <br /><br />
+          A crafted exploitation of the vulnerability can allow an attacker to cause denial
of service (memory corruption and application crash) and possible execution of arbitrary code.
+        </p>
+
+        <p>
+          <strong>Defenses and Work-Arounds</strong>
+        </p>
+
+        <p>
+          For defects such as those involved in CVE-2016-1513, documents can be crafted to
cause memory corruption enough to crash Apache OpenOffice Impress. However, the conditions
under which arbitrary code can be executed are complex and difficult to achieve in an undetected
manner.
+          <br /><br />
+          An important layer of defense for all such cases is to avoid operating Apache OpenOffice
(and any other personal productivity programs) under a computer account that has administrative
privileges of any kind. While installation of Apache OpenOffice requires elevated privileges
and user permission on platforms such as Microsoft Windows, operation of the software does
not.
+          <br /><br />
+          Keeping antivirus/antimalware software current is also important. This will serve
to identify and distinguish suspicious documents that involve the exploit, avoiding confusion
with documents that are damaged and/or fail for other reasons.
+          <br /><br />
+          Impress cannot be used to directly produce documents having the CVE-2016-1513-related
defect. Impress-authored .ODP and .OTP documents of an user's own that exhibit any of these
characteristics are not the result of an exploit. They may be consequences of a separate Impress
defect that should be reported.
+          <br /><br />
+          For .ODP and .OTP files from unknown or suspicious sources, any automatic closing
on opening or failing of OpenOffice Impress can be checked by opening the file in an OpenDocument
Presentation application that is not vulnerable to the defective document formatting involved
in CVE-2016-1513. Current releases of LibreOffice and Microsoft Office PowerPoint (for .ODP
files), including PowerPoint Online, are known to avoid the defect. Other ODF-supporting software
may be successful. The resulting presentation may appear corrupted or incomplete and need
not reflect an actual exploit attempt. Saving the document as a new presentation file will
be exploit-free either way.
+          <br /><br />
+          To report a suspicious document from an external source and for which OpenOffice
Impress crashes, preserve the file exactly and report to <a href="mailto:security@openoffice.apache.org">security@openoffice.apache.org</a>.
Await further instructions for submission of the file itself. Do not post files having suspected
exploits to mailing lists, the issue-reporting system, or any other public location.
+          <br /><br />
+          For additional information and assistance, consult the <a href="https://forum.openoffice.org/">Apache
OpenOffice Community Forums</a>, or make requests to the <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a>
public mailing list. Defects not involving suspected security vulnerabilities can be reported
with a normal issue via <a href="http://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>.
+        </p>
+
+        <p>
+          <strong>Precautions</strong>
+        </p>
+
+        <p>
+          Users who do not upgrade to Apache OpenOffice 4.1.2 should be careful of .DOC files
from unknown or unreliable sources. A Microsoft Word 97-2003 .DOC format file can be checked
by opening with software, such as Microsoft Office Word or Word Online. The documents may
be rejected as corrupted or extraordinary employment of bookmarks may be observable.
+        </p>
+
+         <p>
+           <strong>Further Information</strong>
+        </p>
+
+        <p>For additional information and assistance, consult the
+           <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
+           or make requests to the
+           <a href="mailto:users@openofffice.apache.org">users@openofffice.apache.org</a>
+           public mailing list.
+        </p>
+
+        <p>
+          The latest information on Apache OpenOffice security bulletins can be found at
the <a href="http://www.openoffice.org/security/bulletin.html">
+          Bulletin Archive page</a>.
+        </p>
+
+        <p>
+          <strong>Credits</strong>
+        </p>
+
+        <p>
+          The Apache OpenOffice project acknowledges the discovery and analysis for CVE-2016-1513
by Yves Younan and Richard Johnson of Cisco Talos.
+        </p>
+
+        <hr />
+
+        <p>
+          <a href="http://www.openoffice.org/security/">Security Home</a>
+          -&gt; <a href="http://www.openoffice.org/security/bulletin.html">
+          Bulletin</a>
+          -&gt; <a href="http://www.openoffice.org/security/cves/CVE-2016-1513.html">
+          CVE-2016-1513</a>
+        </p>
+
+    </body>
+</html>
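Review bot: The Precautions paragraph describes a different vulnerability from the rest of the advisory. It tells "Users who do not upgrade to Apache OpenOffice 4.1.2" to be careful of .DOC files and to look for "extraordinary employment of bookmarks", while this advisory concerns .ODP and .OTP files loaded in Impress, states under Versions Affected that "All Apache OpenOffice versions 4.1.2 and older are affected", and says under Mitigation that no updated download is available. As written, it implies that upgrading to 4.1.2 resolves the issue, which contradicts those sections. Suggest rewriting it for .ODP/.OTP files from unknown or unreliable sources, or dropping the section, since Defenses and Work-Arounds already covers checking such files in another application. Smaller points in the same hunk: the Further Information mailto uses "users@openofffice.apache.org" (three f's) in both the href and the link text, whereas Defenses and Work-Arounds uses users@openoffice.apache.org, so mail to the former will not reach the list; that paragraph also repeats the closing paragraph of Defenses and Work-Arounds; "vulnerabilty" under Severity is misspelled; and the Mitigation sentence says "Antivirus can detect documents ... by employing Snort Signature IDs 35828-35829", although Snort is an intrusion detection system, so the wording should name the tooling that actually consumes those signature IDs.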

Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
------------------------------------------------------------------------------
    svn:eol-style = native


