The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Oracle OpenOffice.org

vulnerability alert CVE-2016-8610

OpenSSL: denial of service via SSL3_AL_WARNING

Synthesis of the vulnerability

An attacker can send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Impacted products: OpenOffice, Debian, Fedora, FreeBSD, FreeRADIUS, hMailServer, HP Switch, AIX, IRAD, Security Directory Server, Tivoli Storage Manager, Tivoli Workload Scheduler, Juniper ISG, Juniper J-Series, Junos OS, SSG, SRX-Series, Meinberg NTP Server, NetScreen Firewall, ScreenOS, OpenSSL, openSUSE Leap, Oracle DB, Oracle Fusion Middleware, Oracle Identity Management, Solaris, WebLogic, Palo Alto Firewall PA***, PAN-OS, pfSense, Pulse Connect Secure, RHEL, JBoss EAP by Red Hat, Shibboleth SP, Splunk Enterprise, stunnel, SUSE Linux Enterprise Desktop, SLES, Ubuntu, WinSCP.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 24/10/2016.
Identifiers: 1996096, 2000095, 2003480, 2003620, 2003673, 2004940, 2009389, bulletinoct2016, cpujul2019, CVE-2016-8610, DLA-814-1, DSA-3773-1, FEDORA-2017-3451dbec48, FEDORA-2017-e853b4144f, FreeBSD-SA-16:35.openssl, HPESBHF03897, JSA10808, JSA10809, JSA10810, JSA10811, JSA10813, JSA10814, JSA10816, JSA10817, JSA10818, JSA10820, JSA10821, JSA10822, JSA10825, openSUSE-SU-2017:0386-1, openSUSE-SU-2017:0487-1, openSUSE-SU-2018:4104-1, PAN-SA-2017-0017, pfSense-SA-17_03.webgui, RHSA-2017:0286-01, RHSA-2017:0574-01, RHSA-2017:1548-01, RHSA-2017:1549-01, RHSA-2017:1550-01, RHSA-2017:1551-01, RHSA-2017:1552-01, RHSA-2017:1658-01, RHSA-2017:1659-01, RHSA-2017:2493-01, RHSA-2017:2494-01, SA40886, SP-CAAAPUE, SPL-129207, SUSE-SU-2017:0304-1, SUSE-SU-2017:0348-1, SUSE-SU-2018:0112-1, SUSE-SU-2018:3864-1, SUSE-SU-2018:3864-2, SUSE-SU-2018:3964-1, SUSE-SU-2018:3994-1, SUSE-SU-2018:4068-1, SUSE-SU-2018:4274-1, SUSE-SU-2019:1553-1, USN-3181-1, USN-3183-1, USN-3183-2, VIGILANCE-VUL-20941.

Description of the vulnerability

The OpenSSL product implements the SSL version 3 protocol.

The SSL3_AL_WARNING message is used to send an alert of level Warning. However, when these packets are received during the handshake, the library consumes 100% of CPU.

An attacker can therefore send SSL3_AL_WARNING packets to an SSLv3 application linked to OpenSSL, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2016-6803 CVE-2016-6804

OpenOffice: two vulnerabilities via Windows Installer

Synthesis of the vulnerability

An attacker can use several vulnerabilities via Windows Installer of OpenOffice.
Impacted products: OpenOffice.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 13/10/2016.
Identifiers: CERTFR-2016-AVI-346, CVE-2016-6803, CVE-2016-6804, VIGILANCE-VUL-20863.

Description of the vulnerability

Several vulnerabilities were announced in OpenOffice.

An attacker can create a malicious DLL, and then put it in the current directory, in order to execute code. [severity:2/4; CVE-2016-6803]

An attacker can bypass security features, in order to escalate his privileges. [severity:2/4; CVE-2016-6804]

computer vulnerability alert CVE-2016-7167

libcurl: integer overflow via curl_escape

Synthesis of the vulnerability

An attacker can generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, curl, Debian, Fedora, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, pfSense, Puppet, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 14/09/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-7167, DLA-1568-1, DLA-625-1, FEDORA-2016-7a2ed52d41, FEDORA-2016-80f4f71eff, HT207423, JSA10874, openSUSE-SU-2016:2768-1, RHSA-2017:2016-01, RHSA-2018:3558-01, SSA:2016-259-01, STORM-2019-002, SUSE-SU-2016:2699-1, SUSE-SU-2016:2714-1, USN-3123-1, VIGILANCE-VUL-20606.

Description of the vulnerability

The libcurl library provides the curl_escape(), curl_easy_escape(), curl_unescape() and curl_easy_unescape() functions to convert special characters.

However, if the requested size is too large, an integer overflows, and an allocated memory area is too short.

An attacker can therefore generate an integer overflow via functions of the curl_escape() family of libcurl, in order to trigger a denial of service, and possibly to run code.

computer vulnerability alert CVE-2016-7141

cURL: session reuse even if client certificate changed

Synthesis of the vulnerability

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.
Impacted products: OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Juniper EX-Series, Junos OS, SRX-Series, openSUSE Leap, Solaris, Puppet, RHEL, Ubuntu.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 05/09/2016.
Identifiers: BSA-2016-204, BSA-2016-207, BSA-2016-211, BSA-2016-212, BSA-2016-213, BSA-2016-216, BSA-2016-234, cpuoct2018, CVE-2016-7141, DLA-1568-1, DLA-616-1, HT207423, JSA10874, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, USN-3123-1, VIGILANCE-VUL-20516.

Description of the vulnerability

The libcurl library can be installed with NSS, instead of OpenSSL.

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity.

computer vulnerability CVE-2016-5419 CVE-2016-5420 CVE-2016-5421

cURL: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of cURL.
Impacted products: SDS, SES, SNS, OpenOffice, Mac OS X, Brocade vTM, curl, Debian, Fedora, Android OS, Juniper EX-Series, Junos OS, SRX-Series, openSUSE, openSUSE Leap, Solaris, Puppet, RHEL, Slackware, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, client access/rights, denial of service on service, denial of service on client.
Provenance: internet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 03/08/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, DLA-586-1, DSA-3638-1, FEDORA-2016-24316f1f56, FEDORA-2016-8354baae0f, HT207423, JSA10874, openSUSE-SU-2016:2227-1, openSUSE-SU-2016:2379-1, RHSA-2016:2575-02, RHSA-2018:3558-01, SSA:2016-219-01, STORM-2019-002, USN-3048-1, VIGILANCE-VUL-20295.

Description of the vulnerability

Several vulnerabilities were announced in cURL.

The TLS client of libcurl can resume a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5419]

The TLS client of libcurl can reuse a session even if the client certificate changed, which may lead to the authentication with an incorrect identity. [severity:2/4; CVE-2016-5420]

An attacker can force the usage of a freed memory area via curl_easy_init(), in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-5421]

vulnerability bulletin CVE-2016-1513

OpenOffice.org Impress: memory corruption via MetaActions

Synthesis of the vulnerability

An attacker can create a malicious OpenOffice.org Impress document, and invite the victim to open it, in order to trigger a denial of service, and possibly to run code.
Impacted products: OpenOffice, Debian, Ubuntu.
Severity: 3/4.
Consequences: client access/rights, denial of service on client.
Provenance: document.
Creation date: 22/07/2016.
Identifiers: CERTFR-2016-AVI-263, CERTFR-2016-AVI-292, CVE-2016-1513, DLA-591-1, TALOS-2016-0051, USN-3046-1, VIGILANCE-VUL-20193.

Description of the vulnerability

The OpenOffice.org Impress program is used to create presentations.

However, a document containing a malicious MetaPolyPolygonAction can generate a fatal error.

An attacker can therefore create a malicious OpenOffice.org Impress document, and invite the victim to open it, in order to trigger a denial of service, and possibly to run code.

vulnerability note CVE-2016-4802

cURL: code execution via DLL searching

Synthesis of the vulnerability

An attacker can hijack the Windows DLL loading mechanism as used by cURL, in order to run code.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 30/05/2016.
Identifiers: CVE-2016-4802, JSA10874, VIGILANCE-VUL-19724.

Description of the vulnerability

The product cURL is a multiprotocol client library.

On MS-Windows platforms, cURL may load some system libraries dynamically, on demand. However, the Windows function used for that, namely LoadLibrary, defaults to an insecure search path that includes unprotected locations. This allows a user to plant a DLL with the same name as the one being searched for, such as "ws2_32.dll". The planted library will then be found before the real one.

An attacker can therefore hijack the Windows DLL loading mechanism as used by cURL, in order to run code.

computer vulnerability CVE-2016-3739

cURL: Man-in-the-Middle of mbedTLS/PolarSSL

Synthesis of the vulnerability

An attacker can act as a Man-in-the-Middle on cURL compiled with mbedTLS/PolarSSL, in order to read or write data in the session.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series, Solaris, Slackware.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: internet server.
Creation date: 18/05/2016.
Identifiers: bulletinoct2016, cpuoct2018, CVE-2016-3739, JSA10874, SSA:2016-141-01, VIGILANCE-VUL-19645.

Description of the vulnerability

The cURL product uses the TLS protocol, which can be provided by the mbedTLS/PolarSSL library.

The mbedtls_ssl_set_hostname() or ssl_set_hostname() function has to be called to define the server name, otherwise the X.509 certificate check is not performed by mbedTLS/PolarSSL.

However, cURL does not call these functions when the requested URL contains an IP address.

An attacker can therefore act as a Man-in-the-Middle on cURL compiled with mbedTLS/PolarSSL, in order to read or write data in the session.

vulnerability CVE-2016-1521 CVE-2016-1522 CVE-2016-1526

Graphite: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Graphite.
Impacted products: OpenOffice, Debian, Fedora, LibreOffice, Firefox, openSUSE, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/02/2016.
Identifiers: CVE-2016-1521, CVE-2016-1522, CVE-2016-1526, DSA-3479-1, FEDORA-2016-338a7e9925, FEDORA-2016-4154a4d0ba, MFSA-2016-14, openSUSE-SU-2016:0791-1, openSUSE-SU-2016:0875-1, RHSA-2016:0197-01, RHSA-2016:0594-01, RHSA-2016:0598-01, SUSE-SU-2016:0779-1, USN-2902-1, VIGILANCE-VUL-18940.

Description of the vulnerability

Several vulnerabilities were announced in Graphite.

An attacker can generate a memory corruption in directmachine.cpp, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-1521]

An attacker can generate a buffer overflow in Code.cpp, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-1522]

An attacker can force a read at an invalid address in TtfUtil.cpp, in order to trigger a denial of service. [severity:1/4; CVE-2016-1526]

computer vulnerability announce CVE-2016-0754

cURL: file change via HTTP response specifying filenames with colon

Synthesis of the vulnerability

An attacker who controls an HTTP server requested by a curl client can create or change files by sending a filename with a colon, in order, for example, to change an executable file.
Impacted products: OpenOffice, curl, Juniper EX-Series, Junos OS, SRX-Series.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data creation/edition.
Provenance: internet server.
Creation date: 27/01/2016.
Identifiers: CVE-2016-0754, JSA10874, VIGILANCE-VUL-18827.

Description of the vulnerability

The cURL product includes a command line HTTP client.

It defines options to specify the path of the file used to store the HTTP response body, and to let the server define the name via the response headers. However, the tool accepts colons in filenames. On the MS-Windows platform, such paths are special, and in this case the tool may be made to write the response body to an unexpected place, including a drive other than the current one.

An attacker who controls an HTTP server requested by a curl client can therefore create or change files by sending a filename with a colon, in order, for example, to change an executable file.