libgsf ole_info_read_metabat() OLE file buffer overflow
| libgsf-metabat-bo (30611) |  High Risk |
Description:
The GNOME Structured File Library (libgsf) is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the ole_info_read_metabat() function. By creating a specially-crafted OLE file, a remote attacker could overflow a buffer and execute arbitrary code on the system with the permissions of the victim, if the attacker could persuade the victim to open the file with an application linked to the vulnerable library.
Platforms Affected:
- Canonical, Ubuntu 5.10
- Canonical, Ubuntu 6.06 LTS
- Canonical, Ubuntu 6.10
- Gentoo, Linux
- GNOME, libgsf 1.14.0
- MandrakeSoft, Mandrake Linux 2007
- MandrakeSoft, Mandrake Linux 2007 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 3.0 X86_64
- MandrakeSoft, Mandrake Linux Corporate Server 3.0
- Novell, Linux Desktop 9
- Novell, Linux POS 9
- Novell, Open Enterprise Server
- Novell, Open Enterprise Server
- RedHat, Enterprise Linux 3 AS
- RedHat, Enterprise Linux 3 Desktop
- RedHat, Enterprise Linux 3 ES
- RedHat, Enterprise Linux 3 WS
- RedHat, Enterprise Linux 4 WS
- RedHat, Enterprise Linux 4 Desktop
- RedHat, Enterprise Linux 4 AS
- RedHat, Enterprise Linux 4 ES
- SuSE, SuSE SLED 10
- SuSE, SuSE SLES 10
- SuSE, SuSE SLES 9
Remedy:
Upgrade to the latest version of libgsf (4.50 or later), available from the freshmeat.net Web site. See References.
For Debian GNU/Linux:
Refer to DSA-1221-1 for patch, upgrade, or suggested workaround information. See References.
For Ubuntu Linux:
Refer to USN-391-1 for patch, upgrade, or workaround information. See References.
For Red Hat Linux:
Refer to RHSA-2007:0011-3 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
Gain Access
References:
- freshmeat.net, Project details for GNOME Structured File Library at http://freshmeat.net/projects/libgsf/.
- iDefense Labs PUBLIC ADVISORY: 11.30.06, Multiple Vendor libgsf Heap Overflow Vulnerability at http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446.
- ASA-2007-065: libgsf security update (RHSA-2007-0011)
- BID-21358: LibGSF Remote Heap Buffer Overflow Vulnerability
- CVE-2006-4514: Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
- DSA-1221: libgsf -- buffer overflow
- GLSA-200612-13: libgsf: Buffer overflow
- MDKSA-2006:220: Updated libgsf packages fix heap buffer overflow vulnerability
- RHSA-2007-0011: Moderate: libgsf security update
- SA23164: GNOME Structured File Library "ole_info_read_metabat()" Buffer Overflow
- SUSE-SA:2006:076: libgsf buffer overflows
- USN-391-1: libgsf vulnerability
- VUPEN/ADV-2006-4784: GNOME Structured File Library ole_info_read_metabat() Buffer Overflow Vulnerability
Reported:
Nov 30, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net