CVE-2005-2972
CVSS5.1
发布时间 :2005-10-23 06:02:00
修订时间 :2011-09-06 00:00:00
NMCOPS    

[原文]Multiple stack-based buffer overflows in the RTF import feature in AbiWord before 2.2.11 allow user-assisted attackers to execute arbitrary code via an RTF file with long identifiers, which are not properly handled in the (1) ParseLevelText, (2) getCharsInsideBrace, (3) HandleLists, (4) or (5) HandleAbiLists functions in ie_imp_RTF.cpp, a different vulnerability than CVE-2005-2964.


[CNNVD]AbiWord畸形标识符处理栈溢出漏洞(CNNVD-200510-169)

        AbiWord是一款类似于Microsoft Word免费文字处理程序,适用于各种文字处理任务。
        AbiWord的RTF导入模块存在栈溢出漏洞,攻击者可能利用此漏洞在主机上执行任意指令。攻击者可以诱骗用户打开有特制超长标识符的RTF文件,导致在用户机器上以AbiWord用户的权限执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2972
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2972
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-169
(官方数据源) CNNVD

- 其它链接及资源

http://www.gentoo.org/security/en/glsa/glsa-200510-17.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200510-17
http://www.vupen.com/english/advisories/2005/2086
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2086
http://www.ubuntulinux.org/support/documentation/usn/usn-203-1
(VENDOR_ADVISORY)  UBUNTU  USN-203-1
http://www.securityfocus.com/bid/15096
(UNKNOWN)  BID  15096
http://www.osvdb.org/20015
(UNKNOWN)  OSVDB  20015
http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html
(VENDOR_ADVISORY)  MISC  http://www.mail-archive.com/debian-bugs-rc@lists.debian.org/msg28251.html
http://www.debian.org/security/2005/dsa-894
(UNKNOWN)  DEBIAN  DSA-894
http://www.abisource.com/changelogs/2.2.11.phtml
(UNKNOWN)  CONFIRM  http://www.abisource.com/changelogs/2.2.11.phtml
http://secunia.com/advisories/17551
(VENDOR_ADVISORY)  SECUNIA  17551
http://secunia.com/advisories/17264
(VENDOR_ADVISORY)  SECUNIA  17264
http://secunia.com/advisories/17213
(VENDOR_ADVISORY)  SECUNIA  17213
http://secunia.com/advisories/17200
(VENDOR_ADVISORY)  SECUNIA  17200
http://secunia.com/advisories/17199
(VENDOR_ADVISORY)  SECUNIA  17199
http://scary.beasts.org/security/CESA-2005-006.txt
(VENDOR_ADVISORY)  MISC  http://scary.beasts.org/security/CESA-2005-006.txt

- 漏洞信息

AbiWord畸形标识符处理栈溢出漏洞
中危 缓冲区溢出
2005-10-23 00:00:00 2006-08-28 00:00:00
远程  
        AbiWord是一款类似于Microsoft Word免费文字处理程序,适用于各种文字处理任务。
        AbiWord的RTF导入模块存在栈溢出漏洞,攻击者可能利用此漏洞在主机上执行任意指令。攻击者可以诱骗用户打开有特制超长标识符的RTF文件,导致在用户机器上以AbiWord用户的权限执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.abisource.com/

- 漏洞信息 (F41544)

Debian Linux Security Advisory 894-1 (PacketStormID:F41544)
2005-11-15 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2005-2964,CVE-2005-2972
[点击下载]

Debian Security Advisory DSA 894-1 - Chris Evans discoverd several buffer overflows in the RTF import mechanism of AbiWord, a WYSIWYG word processor based on GTK 2. Opening a specially crafted RTF file could lead to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 894-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 14th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : abiword
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CVE-2005-2964 CVE-2005-2972

Chris Evans discoverd several buffer overflows in the RTF import
mechanism of AbiWord, a WYSIWYG word processor based on GTK 2.
Opening a specially crafted RTF file could lead to the execution of
arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.0.2+cvs.2002.06.05-1woody3.

For the stable distribution (sarge) these problems have been fixed in
version 2.2.7-3sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 2.2.10-1.

We recommend that you upgrade your abiword package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.dsc
      Size/MD5 checksum:     1159 9210aac9957b6cd207775862a1d45f1f
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3.diff.gz
      Size/MD5 checksum:    50123 0f3df3436e43ce1d5da4b4c21e221bcf
    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05.orig.tar.gz
      Size/MD5 checksum: 16407034 0b0e1f3e42a0627a28cea970b099049d

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_1.0.2+cvs.2002.06.05-1woody3_all.deb
      Size/MD5 checksum:   950320 d222e537587d9f91fd38efc9841a58e6
    http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_1.0.2+cvs.2002.06.05-1woody3_all.deb
      Size/MD5 checksum:   189488 7ba0f3d31f29c1cebfea82a0d231d8f5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum:    12432 653ab5c780287dbfaa8bbead1d363660
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum:   538646 bcf2ed542e765437affef0fe8541bc3c
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum:  2069386 e019b8b99668ef96371cabdfcc21ed06
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum:  1873858 a8088abfbde086249c7395d5994a6b83
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_alpha.deb
      Size/MD5 checksum:   228334 c26e4e4f04a78e626ae7be7229c775f1

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum:    12434 0ec0f572955999a70ec02f76d1119d9f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum:   536150 ef7a99f7e9f0cef5da0e2125d90eb2f0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum:  1717184 e5db39f5e4b89bb66dad89166c0871c9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum:  1533566 335181116b612f32ff14c6b062920cf3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_arm.deb
      Size/MD5 checksum:   154850 88e931183c56e22c21d2ed2b6eaf727f

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum:    12426 143a7e0e6a86475b0a4faffaa56fe6c6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum:   533942 9f3d73ea537bbc7cc748f4b347011351
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum:  1677506 997b0e28a6511258aa7e953189c8916d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum:  1491616 79a369d35495da551010c88fc5d16e53
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_i386.deb
      Size/MD5 checksum:   195028 4417655cdf87e452e533bfceff37035f

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum:    12432 ec6bc2b2b32291a24e96ac37e5bef700
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum:   542580 d5ee8d4850f02c4bd9a5eb148ff50e12
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum:  2122580 6cd0574acb80ae18d3c24fa535edfe64
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum:  1940008 8bd8dae64327570f958940dc2de05152
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_ia64.deb
      Size/MD5 checksum:   311910 ecec1fedcaa4dd55feca35366f598dc4

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum:    12438 03439f730ccf73e2bb456a98bdd2a489
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum:   538040 48c15aee57c59f9ac1d780819dbb7d95
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum:  2040050 f3557b782734406275a9c2d74cbdb83a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum:  1821554 e6776a2c4b8ddf0a6ab11d3a1756fa2d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_hppa.deb
      Size/MD5 checksum:   195884 fdd07179430b8b7cf70f1944e1ca8751

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum:    12442 b39cce9869fd5ee33ee412c5671a761f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum:   533170 1a26ef16fe1e79936b5af73b310b6279
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum:  1602928 ac5e6186a4f31bd97ab9efe5bfa380c6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum:  1416324 93d883e59e22192a11a350302cf9f431
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_m68k.deb
      Size/MD5 checksum:   199740 b55f497320d2f7802bebccb506f11b46

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum:    12432 6c7604ed802ecb0e7ddf09ee70697caf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum:   536262 036c7fd56f0a8a115241412bb8e528f8
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum:  1701222 8c810e11612e5db201bf8506244041ce
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum:  1513780 cd3a8526a63516ca89cae731b0e300ea
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mips.deb
      Size/MD5 checksum:   205144 792becc9b4a78d16f775edf017bd4a67

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum:    12434 7d9931545151f9918f9d0c7c019c58a4
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum:   536510 343c499d62521e49626e99c50735ab96
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum:  1663354 94b4d497ff7ddaa31e30afbe05057504
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum:  1480888 00ebf5378e669c8437b5e385f94c6266
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_mipsel.deb
      Size/MD5 checksum:   203030 ad7dee7e51fbf887ac179d483f359cb6

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum:    12438 3ff0d444f6f5df023844d6ca05d91987
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum:   534924 d2bbd28784670dc52bdef79879bde9c1
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum:  1716328 67597faf110332672c4234af61228a34
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum:  1527968 6b3677b16d1493ef075dcf2c565eaa46
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_powerpc.deb
      Size/MD5 checksum:   237680 a754e170740217157b2fc6f7960ff0c6

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum:    12432 899f2957c202bfd626ce04238ae7c355
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum:   535210 6a83523ec1ad7f3789095bce0eec31c2
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum:  1603804 f98f8c6be3063c920c174d74a87f51c0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum:  1417916 6dd76f6db3594c69591ef4fec624008e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_s390.deb
      Size/MD5 checksum:   203268 2a247fc7a1ad5ad69a5550dde7e0e5f0

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum:    12434 cde846b41a0d618d5d854a0f63ab43ab
    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum:   537430 cbd8122f90526919114aa2caa26ab098
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum:  1657026 d79737402458bb93fc4cfaa48d8e3b87
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gtk_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum:  1470474 18458d5e37c1e92df7d41bf67b9a4185
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_1.0.2+cvs.2002.06.05-1woody3_sparc.deb
      Size/MD5 checksum:   193376 e49c7a03769332bf71fa4790c45e7261


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.dsc
      Size/MD5 checksum:     1115 c1a5491bde1e7de2ba60ef1ba07b6166
    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2.diff.gz
      Size/MD5 checksum:    75303 75b31932db227cc609d28d84f8bf4478
    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7.orig.tar.gz
      Size/MD5 checksum: 28441035 d07e581539479e615a0af0c0a92da9a3

  Architecture independent components:

    http://security.debian.org/pool/updates/main/a/abiword/abiword-common_2.2.7-3sarge2_all.deb
      Size/MD5 checksum:  1666180 b68247dabeb710edfa58172f5e40030f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-doc_2.2.7-3sarge2_all.deb
      Size/MD5 checksum:  4085558 67faed1f27bc86f3fa2815d3ae058e17
    http://security.debian.org/pool/updates/main/a/abiword/abiword-help_2.2.7-3sarge2_all.deb
      Size/MD5 checksum:   558460 c3cbd4e961b18476ca7f5e6ddd4e6dba
    http://security.debian.org/pool/updates/main/a/abiword/xfonts-abi_2.2.7-3sarge2_all.deb
      Size/MD5 checksum:    20698 05bf556dd85be4428a0911b6c3d87b4b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum:  2865468 bcb120ac51e1809db9efae4768f66238
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum:  2864100 778e462ca4a0aca78a673adf2d68b5e6
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum:   400976 916e7890de15b4cc814ef837bee6871e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_alpha.deb
      Size/MD5 checksum:    28442 48350140d2bf3f0921a6259ecf61f5f0

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum:  2491560 6d37138df657bc275460f4931270b825
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum:  2484660 fa827b78a857ab7373cc022bdf01deff
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum:   369462 0e91af63f0fa42f4bc3533517a3d07f8
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_amd64.deb
      Size/MD5 checksum:    27992 5eb8d30bd1f5503ce2523bdd807e9edc

  ARM architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum:  2432880 e4703f6e9beb651dd91439303d1373df
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum:  2423262 2637f435c5d0861d0f64d56395768ff3
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum:   349248 b385c171802de8078538a8f8b7a63f3d
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_arm.deb
      Size/MD5 checksum:    27510 811da755de8247e13d37e0b1a5882926

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum:  2340952 c844959722131837db735280ffe0c192
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum:  2330434 911c26e1e23975bc795305e52ad53ce0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum:   358584 ab6ed361e772bf4808dabc56a2880811
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_i386.deb
      Size/MD5 checksum:    27854 12d4eeec28a3a7eff2d4777291c8f192

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum:  3443314 d5cf969d1db44c587f22d3cfe2eaaebf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum:  3446838 8ed0533abdeebfb82cebe0ac1a8328e7
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum:   450116 78ebf500c547a25485b84aa716eab7e7
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_ia64.deb
      Size/MD5 checksum:    29816 f22cfa0f5096cea6af8afefc245bb031

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum:  2811614 72e51c5d4230663c93b6f3028b420cba
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum:  2803736 9358dfdc81bdbaeaaacb60af8f76ec2a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum:   436786 92df6cbe164a52330127c5b007f7efaf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_hppa.deb
      Size/MD5 checksum:    29178 288c641cc68192aa3b87df9fcb41c522

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum:  2358090 2d566ecb5578b409cf5e3507df7bf8c9
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum:  2348080 5e2397fa9869b2fb5590872c95fe22f1
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum:   369286 d1530b8fcfb28dfa8787662d83634dcf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_m68k.deb
      Size/MD5 checksum:    27716 881587416e5eb97885bf17f72fed15a8

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum:  2550988 81a84402b7a3066e61274f85afd6077a
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum:  2543624 9c184c2eacc4a13ba78e1e70ff59fbde
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum:   358192 1d221249ac1d7f23529dcc502c5320e0
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mips.deb
      Size/MD5 checksum:    28354 0625dceebbb691c3312fb1c14c36c743

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum:  2465622 e4d4d2a6f5994de907960cd14b05c662
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum:  2456260 5798ef734342be359769f84f2011bd1e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum:   354070 d7cd62c4a5f25c28da61bcfbc9b16ccf
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_mipsel.deb
      Size/MD5 checksum:    28300 fe5b25f2b7eed349e2274fa44ead79a2

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum:  2473300 c6e7d9e9b32177ea2e4e2819b17338cb
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum:  2464070 df0769e09e53465b03659e958907c058
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum:   408478 13d12015c9dd09d94aef49b48a2a45c5
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_powerpc.deb
      Size/MD5 checksum:    29892 a6f075e74ea0dee760efb42fa4244499

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum:  2457050 65b8553d57b870b90ee4612391bbc63f
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum:  2451094 331bd8ec99321393a69276a087732767
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum:   364848 50217fdf5e9bceb77fb34ff455d8ab83
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_s390.deb
      Size/MD5 checksum:    28282 3bca542474684673e0367596524b9132

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/a/abiword/abiword_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum:  2462406 571fcd01d80476714a8ddd87ce34ff17
    http://security.debian.org/pool/updates/main/a/abiword/abiword-gnome_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum:  2453454 e72adac4cc33128729763bdf3e64177e
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum:   343132 e9fa92049ac7b5b2d76ed58d9cb19273
    http://security.debian.org/pool/updates/main/a/abiword/abiword-plugins-gnome_2.2.7-3sarge2_sparc.deb
      Size/MD5 checksum:    27502 8cc7425570da58d6e7adde0a5474f68b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDeJSjW5ql+IAeqTIRAtHXAKCoyNaP6GitAWDx/g2cIXC/Da1YTwCePI+c
wcfX/C9J9OnzMnY6rm0iDSc=
=5IJR
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F40909)

Gentoo Linux Security Advisory 200510-17 (PacketStormID:F40909)
2005-10-26 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2972
[点击下载]

Gentoo Linux Security Advisory GLSA 200510-17 - Chris Evans discovered a different set of buffer overflows than the one described in GLSA 200509-20 in the RTF import function in AbiWord. Versions less than 2.2.11 are affected.

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig63C99458FD86CD3C00713F5B
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: AbiWord: New RTF import buffer overflows
      Date: October 20, 2005
      Bugs: #109157
        ID: 200510-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

AbiWord is vulnerable to an additional set of buffer overflows during
RTF import, making it vulnerable to the execution of arbitrary code.

Background
==========

AbiWord is a free and cross-platform word processing program. It allows
to import RTF files into AbiWord documents.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-office/abiword      < 2.2.11                        >= 2.2.11

Description
===========

Chris Evans discovered a different set of buffer overflows than the one
described in GLSA 200509-20 in the RTF import function in AbiWord.

Impact
======

An attacker could design a malicious RTF file and entice a user to
import it in AbiWord, potentially resulting in the execution of
arbitrary code with the rights of the user running AbiWord.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All AbiWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/abiword-2.2.11"

References
==========

  [ 1 ] GLSA-200509-20
        http://www.gentoo.org/security/en/glsa/glsa-200509-20.xml
  [ 2 ] CAN-2005-2972
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2972

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-17.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0


--------------enig63C99458FD86CD3C00713F5B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDV357vcL1obalX08RAtsCAJ9t6FscLSKPghooVUx3xVJumneA/gCeP1xW
Qgj4aBn9PR1872HephJ00bc=
=FhJZ
-----END PGP SIGNATURE-----

--------------enig63C99458FD86CD3C00713F5B--
    

- 漏洞信息 (F40725)

Ubuntu Security Notice 203-1 (PacketStormID:F40725)
2005-10-15 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-2972
[点击下载]

Ubuntu Security Notice USN-203-1 - Chris Evans discovered several buffer overflows in the RTF import module of AbiWord. By tricking a user into opening an RTF file with specially crafted long identifiers, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

===========================================================
Ubuntu Security Notice USN-203-1	   October 13, 2005
abiword vulnerabilities
CAN-2005-2972
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

abiword

The problem can be corrected by upgrading the affected package to
version 2.0.7+cvs.2004.05.05-1ubuntu3.3 (for Ubuntu 4.10), or
2.2.2-1ubuntu2.2 (for Ubuntu 5.04). After a standard system upgrade
you have to restart Abiword to effect the necessary changes.

Details follow:

Chris Evans discovered several buffer overflows in the RTF import
module of AbiWord. By tricking a user into opening an RTF file with
specially crafted long identifiers, an attacker could exploit this to
execute arbitrary code with the privileges of the AbiWord user.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.diff.gz
      Size/MD5:    53513 e4e2d3d54c83a168e82d70b137ee057c
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3.dsc
      Size/MD5:     1157 037c7c524016edeaa473c6c0d062bce8
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.0.7+cvs.2004.05.05.orig.tar.gz
      Size/MD5: 21903248 665596f852d4e8d0c31c17fc292d6b29

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:  4085668 6e2e530a16e993ad086d42956c5803c2
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:   543156 8bc408bd3ad1e666e5e357ae36e53932
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.0.7+cvs.2004.05.05-1ubuntu3.3_all.deb
      Size/MD5:    16596 75430c23dad8ae4d0a7308265d408003

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1455334 d7e4f6e69c1b7a447efceaf04ff68ea0
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1989318 c268d65eb11b0b52fb60dcc9ba5bedd1
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:    26802 b4fa13f3573367b2015988d4f18dc614
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:   367222 6474c5943df1fce5bead6694a1261d6a
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_amd64.deb
      Size/MD5:  1991322 1af7def6dd93a82d2cec1e88ec2d4b5c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1453160 04cb3db059e360a88db13f1808559450
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1872762 5e1e82e05a66130fa20bea41fbe095a6
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:    26478 f67599750d41755a8b78a04b1dbdde5f
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:   351082 7da163ac9814bafa7973403a2b8c1193
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_i386.deb
      Size/MD5:  1876422 e9d75623f08356390d4065d472f3c9c9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1453644 555f171b5a2d416145ec6c6127dbc5d8
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1972602 46cbb19e7d0ba940af215f0db405bb14
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:    27940 e9583dbfa15f30f45f6112d0f75a6236
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:   405638 170b9be3298268ec25ba858681a8fa16
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.0.7+cvs.2004.05.05-1ubuntu3.3_powerpc.deb
      Size/MD5:  1977814 e1ae70a2581e791bd387132ff6ed48c3

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.diff.gz
      Size/MD5:   512286 4f9111c0c96189e819605417cef919ba
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2-1ubuntu2.2.dsc
      Size/MD5:     1133 12447eb5bba474c2c28011b63868b7bf
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword_2.2.2.orig.tar.gz
      Size/MD5: 27686818 de0910da088c9d36f87ba4baed320aa7

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-common_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:  1611804 c22ad1a8d3a687f84b6f6c8e327bc216
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-doc_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:  4093116 d8509ebb24da9e975f7adea5651e1c27
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-help_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:   555690 f6f37a6eed302e0aa04e63b3c395e04f
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/xfonts-abi_2.2.2-1ubuntu2.2_all.deb
      Size/MD5:    20316 823e817b6a7f9359e75e4e70f65c508f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:  2459120 363c7d7397cc12f0e6cd804a14533a3b
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:    35308 a8aa7db9d7d9695d172ff74c1143163e
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:   366414 098cd51bb43055fcf304d0cc5a10e8ac
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_amd64.deb
      Size/MD5:  2462240 05ee037c9a7c1092f4cac3b095e852ba

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:  2305594 58c79c4cdcb8b50c3d1122e8e7d944e5
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:    34506 e3277cd136acf63fb2d8978507f25875
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:   347820 121c8efea7da8dc8e75e406bb737d590
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_i386.deb
      Size/MD5:  2313410 cff177fcfdfa53d98444d205b32bb4b3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-gnome_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:  2437662 a063445c8a12e05f7acd5c4971c10cdc
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins-gnome_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:    37764 a33d01df37344e9ca72e1a4f153cfa7b
    http://security.ubuntu.com/ubuntu/pool/main/a/abiword/abiword-plugins_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:   405540 f2ad4fe71f8e2edf22a563ecd221b0af
    http://security.ubuntu.com/ubuntu/pool/universe/a/abiword/abiword_2.2.2-1ubuntu2.2_powerpc.deb
      Size/MD5:  2446330 45d0174d1074137d9ea0b0974749bbe8
    

- 漏洞信息

20015
AbiWord RTF Importer ie_imp_RTF.cpp Multiple Overflows
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

Multiple remote overflows exist in AbiWord. The 'ParseLevelText()', 'getCharsInsideBrace()', 'HandleLists()', and 'HandleAbiLists()' functions in 'ie_imp_RTF.cpp' fail to perform proper bounds checking resulting in multiple stack-based buffer overflows. With a specially crafted RTF file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-10-13 2005-10-02
Unknow Unknow

- 解决方案

Upgrade to version 2.4.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

AbiWord Stack-Based Buffer Overflow Vulnerabilities
Boundary Condition Error 15096
Yes No
2005-10-13 12:00:00 2009-07-12 05:56:00
Chris Evans reported these issues to the vendor.

- 受影响的程序版本

Red Hat Fedora Core3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Conectiva Linux 10.0
AbiSource Community AbiWord 2.2.10
AbiSource Community AbiWord 2.2.9
- Gentoo Linux
AbiSource Community AbiWord 2.2.8
AbiSource Community AbiWord 2.2.7
AbiSource Community AbiWord 2.2.6
AbiSource Community AbiWord 2.2.5
AbiSource Community AbiWord 2.2.4
AbiSource Community AbiWord 2.2.3
AbiSource Community AbiWord 2.2.2
AbiSource Community AbiWord 2.2.1
AbiSource Community AbiWord 2.2 .0
AbiSource Community AbiWord 2.0.12
+ Red Hat Fedora Core3
AbiSource Community AbiWord 2.0.9
AbiSource Community AbiWord 2.0.8
AbiSource Community AbiWord 2.0.7
AbiSource Community AbiWord 2.0.6
+ S.u.S.E. Linux Personal 9.2
AbiSource Community AbiWord 2.0.5
AbiSource Community AbiWord 2.0.4
AbiSource Community AbiWord 2.0.3
AbiSource Community AbiWord 2.0.1
AbiSource Community AbiWord 2.2.11

- 不受影响的程序版本

AbiSource Community AbiWord 2.2.11

- 漏洞讨论

AbiWord is susceptible to multiple stack-based buffer-overflow vulnerabilities; fixes are available. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer while importing RTF files.

These issues likely allow attackers to execute arbitrary machine code in the context of the user running the affected application.

Though similar to the vulnerability described in BID 14971 (AbiWord RTF File Processing Buffer Overflow Vulnerability), these vulnerabilities constitute a separate issue.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案


Please see the referenced advisories for more information.


Conectiva Linux 10.0

AbiSource Community AbiWord 2.2.7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站