Vulnerability Name: CVE-2008-2152 (CCN-42957)

Assigned: 2008-06-10
Published: 2008-06-10
Updated: 2017-09-29
Summary: Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-189
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-2152

Source: IDEFENSE
Type: UNKNOWN
20080610 Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability

Source: CCN
Type: RHSA-2008-0537
Important: openoffice.org security update

Source: CCN
Type: RHSA-2008-0538
Important: openoffice.org security update

Source: CCN
Type: SA30599
OpenOffice "rtl_allocateMemory()" Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
30599

Source: SECUNIA
Type: UNKNOWN
30633

Source: SECUNIA
Type: UNKNOWN
30634

Source: CCN
Type: SA30635
Sun StarOffice/StarSuite "rtl_allocateMemory()" Integer Overflow

Source: SECUNIA
Type: UNKNOWN
30635

Source: SECUNIA
Type: UNKNOWN
31029

Source: GENTOO
Type: UNKNOWN
GLSA-200807-05

Source: CCN
Type: SECTRACK ID: 1020219
OpenOffice Integer Overflow in rtl_allocateMemory() Lets Remote Users Execute Arbitrary Code

Source: SUNALERT
Type: UNKNOWN
237944

Source: CCN
Type: Sun Alert ID: 237944
A Security Vulnerability in StarOffice/StarSuite 8 may allow file manipulation and Arbitrary Code execution

Source: CCN
Type: ASA-2008-248
openoffice.org security update (RHSA-2008-0538)

Source: CCN
Type: ASA-2008-251
openoffice.org security update (RHSA-2008-0537)

Source: CCN
Type: ASA-2008-264
A Security Vulnerability in StarOffice/StarSuite 8 may allow file manipulation and Arbitrary Code execution (Sun 237944)

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:137

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:138

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org: Home

Source: CCN
Type: OpenOffice.org Security Bulletin CVE-2008-2152
Integer Overflow vulnerability in rtl_allocateMemory()

Source: CONFIRM
Type: UNKNOWN
http://www.openoffice.org/security/cves/CVE-2008-2152.html

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0537

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0538

Source: BID
Type: UNKNOWN
29622

Source: CCN
Type: BID-29622
OpenOffice 'rtl_allocateMemory()' Heap Based Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020219

Source: VUPEN
Type: UNKNOWN
ADV-2008-1773

Source: VUPEN
Type: UNKNOWN
ADV-2008-1804

Source: XF
Type: UNKNOWN
openoffice-rtlallocatememory-bo(42957)

Source: CCN
Type: iDefense Labs PUBLIC ADVISORY: 06.10.08
Multiple Vendor OpenOffice rtl_allocateMemory() Integer Overflow Vulnerability

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9787

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5143

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5239

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-5247

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 9:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:openoffice:openoffice.org:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.3:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:openoffice:openoffice.org:2.4:*:*:*:*:*:*:*
  AND
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.6.z:ga:es:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:22724 | P | ELSA-2008:0537: openoffice.org security update (Important) | 2014-05-26
oval:org.mitre.oval:def:9787 | V | Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow. | 2013-04-29
oval:com.redhat.rhsa:def:20080537 | P | RHSA-2008:0537: openoffice.org security update (Important) | 2008-06-13
oval:com.redhat.rhsa:def:20080538 | P | RHSA-2008:0538: openoffice.org security update (Important) | 2008-06-13