Author: marcus
Date: Wed Jul 20 21:19:48 2016
New Revision: 1753610
URL: http://svn.apache.org/viewvc?rev=1753610&view=rev
Log:
Added new advisory for CVE-2016-1513
Added:
openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html (with
props)
Added: openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
URL:
http://svn.apache.org/viewvc/openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html?rev=1753610&view=auto
==============================================================================
--- openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html (added)
+++ openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html Wed Jul
20 21:19:48 2016
@@ -0,0 +1,152 @@
+
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>CVE-2016-1513</title>
+ <style type="text/css"></style>
+ </head>
+
+ <body>
+ <!-- These were previously defined as XHTML pages. The current wrapping
for the site
+ introduces HTML5 headers and formats. This version is modified to
match the
+ wrapping that is done as part of publishing this page and not rely on
any
+ particular styling beyond <p>.
+ -->
+
+ <p>
+ <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-1513";>
+ CVE-2016-1513</a>
+ </p>
+
+ <p>
+ <a href="http://www.openoffice.org/security/cves/CVE-2016-1513.html";>
+ Apache OpenOffice Advisory</a>
+ </p>
+
+ <p>
+ <strong>Memory Corruption Vulnerability (Impress
Presentations)</strong>
+ </p>
+
+ <p>
+ <strong>Version 1.0</strong>
+ </p>
+
+ <p>
+ Announced July 21, 2016
+ </p>
+
+ <p>
+ <strong>Summary</strong>
+ </p>
+
+ <p>
+ An OpenDocument Presentation .ODP or Presentation Template .OTP file
can contain invalid presentation elements that lead to memory corruption when
the document is loaded in Apache OpenOffice Impress. The defect may cause the
document to appear as corrupted and OpenOffice may crash in a recovery-stuck
mode requiring manual intervention. A crafted exploitation of the defect can
allow an attacker to cause denial of service (memory corruption and application
crash) and possible execution of arbitrary code.
+ </p>
+
+ <p>
+ <strong>Severity: Medium</strong>
+ </p>
+
+ <p>There are no known exploits of this vulnerabilty.<br />
+ A proof-of-concept demonstration exists.
+ </p>
+
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+
+ <p>
+ All Apache OpenOffice versions 4.1.2 and older are affected.<br />
+ OpenOffice.org versions are also affected.
+ </p>
+
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+
+ <p>
+ There is no updated download currently available to mitigate this
vulnerability. Until a hot fix or maintenance release is available, users
should be vigilant and employ workarounds.
+ <br /><br />
+ A source-code patch that blocks the vulnerability has been developed
and is available for developers at <a
href="https://bz.apache.org/ooo/show_bug.cgi?id=127045";>issue 127045</a>.
+ <br /><br />
+ Antivirus can detect documents attempting to exploit this
vulnerability by employing Snort Signature IDs 35828-35829.
+ </p>
+
+ <p>
+ <strong>Description</strong>
+ </p>
+
+ <p>
+ An OpenDocument Presentation .ODP or Presentation Template .OTP file
can contain invalid presentation elements that lead to memory corruption when
the document is loaded in Apache OpenOffice Impress. The defect may cause the
document to appear as corrupted. OpenOffice may simply close or crash, possibly
in a recovery-stuck mode requiring manual intervention, including removal of
any document lock.
+ <br /><br />
+ A crafted exploitation of the vulnerability can allow an attacker to
cause denial of service (memory corruption and application crash) and possible
execution of arbitrary code.
+ </p>
+
+ <p>
+ <strong>Defenses and Work-Arounds</strong>
+ </p>
+
+ <p>
+ For defects such as those involved in CVE-2016-1513, documents can
be crafted to cause memory corruption enough to crash Apache OpenOffice
Impress. However, the conditions under which arbitrary code can be executed are
complex and difficult to achieve in an undetected manner.
+ <br /><br />
+ An important layer of defense for all such cases is to avoid
operating Apache OpenOffice (and any other personal productivity programs)
under a computer account that has administrative privileges of any kind. While
installation of Apache OpenOffice requires elevated privileges and user
permission on platforms such as Microsoft Windows, operation of the software
does not.
+ <br /><br />
+ Keeping antivirus/antimalware software current is also important.
This will serve to identify and distinguish suspicious documents that involve
the exploit, avoiding confusion with documents that are damaged and/or fail for
other reasons.
+ <br /><br />
+ Impress cannot be used to directly produce documents having the
CVE-2016-1513-related defect. Impress-authored .ODP and .OTP documents of an
user's own that exhibit any of these characteristics are not the result of an
exploit. They may be consequences of a separate Impress defect that should be
reported.
+ <br /><br />
+ For .ODP and .OTP files from unknown or suspicious sources, any
automatic closing on opening or failing of OpenOffice Impress can be checked by
opening the file in an OpenDocument Presentation application that is not
vulnerable to the defective document formatting involved in CVE-2016-1513.
Current releases of LibreOffice and Microsoft Office PowerPoint (for .ODP
files), including PowerPoint Online, are known to avoid the defect. Other
ODF-supporting software may be successful. The resulting presentation may
appear corrupted or incomplete and need not reflect an actual exploit attempt.
Saving the document as a new presentation file will be exploit-free either way.
+ <br /><br />
+ To report a suspicious document from an external source and for
which OpenOffice Impress crashes, preserve the file exactly and report to <a
href="mailto:secur...@openoffice.apache.org";>secur...@openoffice.apache.org</a>.
Await further instructions for submission of the file itself. Do not post
files having suspected exploits to mailing lists, the issue-reporting system,
or any other public location.
+ <br /><br />
+ For additional information and assistance, consult the <a
href="https://forum.openoffice.org/";>Apache OpenOffice Community Forums</a>, or
make requests to the <a
href="mailto:us...@openoffice.apache.org";>us...@openoffice.apache.org</a>
public mailing list. Defects not involving suspected security vulnerabilities
can be reported with a normal issue via <a
href="http://www.openoffice.org/qa/issue_handling/pre_submission.html";>Bugzilla</a>.
+ </p>
+
+ <p>
+ <strong>Precautions</strong>
+ </p>
+
+ <p>
+ Users who do not upgrade to Apache OpenOffice 4.1.2 should be
careful of .DOC files from unknown or unreliable sources. A Microsoft Word
97-2003 .DOC format file can be checked by opening with software, such as
Microsoft Office Word or Word Online. The documents may be rejected as
corrupted or extraordinary employment of bookmarks may be observable.
+ </p>
+
+ <p>
+ <strong>Further Information</strong>
+ </p>
+
+ <p>For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/";>Apache OpenOffice Community
Forums</a>
+ or make requests to the
+ <a
href="mailto:us...@openofffice.apache.org";>us...@openofffice.apache.org</a>
+ public mailing list.
+ </p>
+
+ <p>
+ The latest information on Apache OpenOffice security bulletins can
be found at the <a href="http://www.openoffice.org/security/bulletin.html";>
+ Bulletin Archive page</a>.
+ </p>
+
+ <p>
+ <strong>Credits</strong>
+ </p>
+
+ <p>
+ The Apache OpenOffice project acknowledges the discovery and
analysis for CVE-2016-1513 by Yves Younan and Richard Johnson of Cisco Talos.
+ </p>
+
+ <hr />
+
+ <p>
+ <a href="http://www.openoffice.org/security/";>Security Home</a>
+ -> <a href="http://www.openoffice.org/security/bulletin.html";>
+ Bulletin</a>
+ -> <a
href="http://www.openoffice.org/security/cves/CVE-2016-1513.html";>
+ CVE-2016-1513</a>
+ </p>
+
+ </body>
+</html>
Propchange: openoffice/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
------------------------------------------------------------------------------
svn:eol-style = native
