lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Mon, 18 Dec 2006 20:23:10 +0100
From: Marcus Meissner <meissner@...e.de>
To: Kamchybek Jusupov <kjusupov@...il.com>
Cc: Bruno Lustosa <bruno.lists@...il.com>, bugtraq@...urityfocus.com
Subject: Re: Flaw in OpenOffice.org 2.1: OpenOffice 2.1 is vulnerable to MS Word 0 day vulnerability!!!

On Sun, Dec 17, 2006 at 06:05:14PM +0800, Kamchybek Jusupov wrote:
> 
> It's openoffice-2.0.4 (gentoo), and it did crashed with the below
> error...
> 
> synack ~ $ oowriter2 12122006-djtest.doc 
> Application ErrorApplication Error
> 
> Fatal exception: Signal 6
> Stack:
> /usr/lib/openoffice/program/libuno_sal.so.3[0xb71b0424]
> /lib/libc.so.6(malloc+0x7f)[0xb6b52cff]
> /usr/lib/openoffice/program/soffice: line 254: 24654
> Aborted                 "$sd_prog/$sd_binary" "$@"
> 
> ** (process:24639): WARNING **: Unknown error forking main binary /
> abnormal early exit ...

It apparently abort()ed, which is more a controlled crash, at most a
denial of Service.

Ciao, Marcus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ