ISS X-Force Database: wvware-wvhandledatetimepicture-bo(16660): wvWare wvHandleDateTimePicture function buffer overflow

wvWare wvHandleDateTimePicture function buffer overflow

wvware-wvhandledatetimepicture-bo (16660)

High Risk

Description:

wvWare creates a specially-crafted document and persuades the user to open the document in HTML mode while using an application that uses the wv library, the attacker could overflow a buffer and execute arbitrary code on the system with privileges of the application the uses the library.

Platforms Affected:

AbiSource, AbiWord prior to 2.0.8
Conectiva, Linux 10
Conectiva, Linux 9.0
Debian, Debian Linux 3.0
FedoraProject, Fedora Core 3
Gentoo, Linux
MandrakeSoft, Mandrake Linux 10.0
MandrakeSoft, Mandrake Linux 10.0 AMD64
MandrakeSoft, Mandrake Linux 9.2
MandrakeSoft, Mandrake Linux 9.2 AMD64
wvWare, wvWare 0.7.4 - 0.7.6
wvWare, wvWare 1.0.0

Remedy:

Apply the patch for this vulnerability, available from the iDEFENSE Security Advisory 07.09.04 . See References.

As a workaround, open documents only from trusted sources.

For Abiword:
Upgrade to the latest version of Abiword (2.2.1 or later), available from the AbiWord Download Web page. See References.

For Gentoo Linux:
Upgrade to the latest version of wv (1.0.0-r1 or later), as listed in GLSA 200407-11. See References.

For Mandrake Linux:
Upgrade to the latest wv package, as listed below.Refer to MandrakeSoft Security Advisory MDKSA-2004:077 : wv for more information.See References.

Mandrake Linux 9.2: 1.0_0-1.0.0-1.1.92mdk or later
Mandrake Linux 10.0: 1.0_0-1.0.0-1.1.100mdk or later

For Conectiva Linux:
Upgrade to the latest wv package, as listed below.Refer to Conectiva Linux Security Announcement CLSA-2004:863 for more information. See References.

Conectiva Linux 9: 1.0.0-39238U10_1cl or later

For Conectiva Linux:
Upgrade to the latest abiword package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:902 for more information. See References.

Conectiva Linux 9: 1.0.4-25186U90_1cl or later
Conectiva Linux 10: 2.0.6-62012U10_1cl or later

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest wv package (0.7.1+rvt-2woody3 or later), as listed in DSA-550-1. See References.

For Debian GNU/Linux 3.0 (alias woody):
Upgrade to the latest abiword package (1.0.2+cvs.2002.06.05-1woody2 or later), as listed in DSA-579-1. See References.

For Fedora Core 3:
Upgrade to the latest abiword package (2.0.12-7.fc3 or later), as listed in Fedora Update Notification FEDORA-2004-462. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

AbiWord Download Web page, AbiWord Downloads at http://www.abisource.com/download/.
Conectiva Linux Security Announcement CLSA-2004:863, Fix for buffer overflow vulnerability at http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000863.
Conectiva Linux Security Announcement CLSA-2004:902, Fix for buffer overflow vulnerability at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000902.
Full-Disclosure Mailing List, Fri Jul 09 2004 - 09:39:48 CDT, wvWare Library Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0441.html.
iDEFENSE Security Advisory 07.09.04, wvWare Library Buffer Overflow Vulnerability at http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true.
wvWare Web page, wvWare, library for converting Word documents at http://wvware.sourceforge.net/.
BID-10699: wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remote Buffer Overflow Vulnerability
CVE-2004-0645: Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
DSA-550: wv -- buffer overflow
DSA-579: abiword -- buffer overflow
GLSA-200407-11: wv: Buffer overflow vulnerability
MDKSA-2004:077: Updated wv packages fix vulnerability

Reported:

Jul 09, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page