Gentoo Linux Security Advisory GLSA 200407-11
Severity: Normal
Title: wv: Buffer overflow vulnerability
Date: July 14, 2004
Bugs: #56595
ID: 200407-11
Synopsis
A buffer overflow vulnerability exists in the wv library that
can allow an attacker to execute arbitrary code with the privileges
of the user running the vulnerable application.
Background
The wv library allows access to MS Word files. It can parse Word
files and allow other applications, such as abiword, to import
those files into their native formats.
Affected packages
Package | Vulnerable | Unaffected |
1 app-text/wv | < 1.0.0-r1 | >= 1.0.0-r1 |
Description
A use of strcat without proper bounds checking leads to an
exploitable buffer overflow. The vulnerable code is executed when
wv encounters an unrecognized token, so a specially crafted file,
loaded in wv, can trigger the vulnerable code and execute it’s own
arbitrary code. This exploit is only possible when the user loads
the document into HTML view mode.
Impact
By inducing a user into running wv on a special file, an
attacker can execute arbitrary code with the permissions of the
user running the vulnerable program.
Workaround
Users should not view untrusted documents with wvHtml or
applications using wv. When loading an untrusted document in an
application using the wv library, make sure HTML view is
disabled.
Resolution
All users should upgrade to the latest available version.
# emerge sync # emerge -pv ">=app-text/wv-1.0.0-r1" # emerge ">=app-text/wv-1.0.0-r1"
References
[ 1 ] iDEFENSE Security Advisory
http://www.idefense.com/application/poi/display?id=115&type=vulnerabilities&flashstatus=true
Availability
This GLSA and any updates to it are available for viewing at the
Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-200407-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or
alternatively, you may file a bug at http://bugs.gentoo.org.
License
Copyright 2004 Gentoo Foundation, Inc; referenced text belongs
to its owner(s).
The contents of this document are licensed under the Creative
Commons – Attribution / Share Alike license.