Posted to users@openoffice.apache.org by Herbert Duerr <hd...@apache.org> on 2015/04/25 21:13:35 UTC

CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

    All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.
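
The mitigation described in the advisory above, as an added shell example that is not part of the original advisory or of the Apache OpenOffice project: it locates the three library names the advisory lists under an installation directory and renames them. The function names, the "_renamed" suffix and the script name hwp_check.sh are assumptions of this example; the installation directory is passed as an argument.

```shell
#!/bin/sh
# Added example (not from the advisory): check for and disable the HWP filter
# library named in CVE-2015-1774. The three file names are the ones the advisory
# lists; the function names and the "_renamed" suffix are this example's choices.

HWP_LIBS="hwp.dll libhwp.dylib libhwp.so"

# hwp_find DIR: print the path of every HWP filter library below DIR.
# find(1) descends into an .app bundle like any other directory, so it also
# works when pointed at OpenOffice.app on a Mac.
hwp_find() {
    for name in $HWP_LIBS; do
        find "$1" -type f -name "$name" 2>/dev/null
    done
}

# hwp_status DIR: print "vulnerable" (exit 1) while a library is still present
# under its original name below DIR, "mitigated" (exit 0) when none is found.
hwp_status() {
    if [ -n "$(hwp_find "$1")" ]; then
        echo "vulnerable"
        return 1
    fi
    echo "mitigated"
}

# hwp_disable DIR: rename each library found so the filter can no longer be
# loaded. Needs write access to the installation (administrator rights on
# most systems).
hwp_disable() {
    hwp_find "$1" | while IFS= read -r lib; do
        mv -- "$lib" "${lib}_renamed" && echo "renamed: $lib"
    done
}

# Usage: sh hwp_check.sh [--disable] INSTALL_DIR
#   e.g. sh hwp_check.sh /Applications/OpenOffice.app
if [ "$#" -ge 1 ]; then
    if [ "$1" = "--disable" ]; then
        shift
        hwp_disable "$1"
    fi
    hwp_status "$1"
fi
```

Renaming rather than deleting keeps the file available should HWP support be needed again for converting old documents.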



Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Gunter Stadie <gu...@arcor.de>.
Dear Mr. Duerr,

I recognized today, that the latest version of OpenOffice is 4.1.1. 
Therefore I do not understand your message.

Best regards
Gunter Stadie

On 25.04.2015 at 21:13, Herbert Duerr wrote:
> CVE-2015-1774
>
> OpenOffice HWP Filter Remote Code Execution and Denial of Service
> Vulnerability
>
> A vulnerability in OpenOffice's HWP filter allows attackers to cause a
> denial of service (memory corruption and application crash) or possibly
> execution of arbitrary code by preparing specially crafted documents in
> the HWP document format.
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
>
>      All Apache OpenOffice versions 4.1.1 and older are affected.
>
> Mitigation:
>
> Apache OpenOffice users are advised to remove the problematic library in
> the "program" folder of their OpenOffice installation. On Windows it is
> named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
> named "libhwp.so". Alternatively the library can be renamed to anything
> else e.g. "hwp_renamed.dll".
> This mitigation will drop AOO's support for documents created in "Hangul
> Word Processor" versions from 1997 or older. Users of such documents are
> advised to convert their documents to other document formats such as
> OpenDocument before doing so.
>
> Apache OpenOffice aims to fix the vulnerability in version 4.1.2.
>
> Credits:
>
> Thanks to an anonymous contributor working with VeriSign iDefense Labs.
>
>


RE: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by "Dennis E. Hamilton" <de...@acm.org>.
Andreas, 

Simply wait, for now, I think.  It sometimes takes quite a while for updates to be placed at the Mitre CVE entry.

 - Dennis

-----Original Message-----
From: Andrea Pescetti [mailto:pescetti@apache.org] 
Sent: Sunday, April 26, 2015 09:23
To: dev@openoffice.apache.org
Subject: Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

On 25/04/2015 Herbert Duerr wrote:
> CVE-2015-1774
> OpenOffice HWP Filter Remote Code Execution and Denial of Service

[ ... ]

Note that the CVE link
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774
still lists this vulnerability number as "reserved". Should the link be 
different? Or should we simply wait until it is made public?

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org




Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
On 25/04/2015 Herbert Duerr wrote:
> CVE-2015-1774
> OpenOffice HWP Filter Remote Code Execution and Denial of Service

This has now been copied to
http://www.openoffice.org/security/bulletin.html
with some additional instructions about the Mac version provided by 
Larry Gusaas on the users list.

Note that the CVE link
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1774
still lists this vulnerability number as "reserved". Should the link be 
different? Or should we simply wait until it is made public?

Regards,
   Andrea.



Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by dianne Avery <di...@msn.com>.
And another

Sent from my iPad

On Apr 25, 2015, at 1:11 PM, Herbert Duerr <hd...@apache.org> wrote:

CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

   All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.





Re: [utenti-it] I: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
On 27/04/2015 Gaetano GIORDANO wrote:
> Could you explain how to delete the library?
> Being computer-illiterate, or nearly so, I'm afraid of making a big mess!

The library is a file like any other, although administrative 
permissions on the system are required to delete or rename it.

You will find it in
C:\Program Files (x86)\OpenOffice 4\program
or a possible translated variant; in any case, the "program" folder 
inside "OpenOffice 4".

Inside the folder you can also simply rename the files 
that start with hwp (there should be only that library) to 
hwp_old or any other name.

Bye,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: utenti-it-unsubscribe@openoffice.apache.org
For additional commands, e-mail: utenti-it-help@openoffice.apache.org


Re: [utenti-it] I: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Gaetano GIORDANO <dr...@gmail.com>.
Could you explain how to delete the library?

Being computer-illiterate, or nearly so, I'm afraid of making a big mess!

Thanks!


dr. Gaetano Giordano


On 27 April 2015 at 17:10, Andrea Pescetti <pe...@apache.org> wrote:

> On 27/04/2015 Tassi Pierluigi wrote:
>
>> I am forwarding you this security advisory that appeared on the
>> international mailing lists.
>> CVE-2015-1774
>> OpenOffice HWP Filter Remote Code Execution and Denial of Service
>> Vulnerability
>>
>
> For more information in English:
> http://www.openoffice.org/security/bulletin.html
>
> In practice, the advice is to delete (or rename) the library
> hwp.dll (Windows version), libhwp.dylib (Mac version: at the link you will
> find detailed instructions in English), libhwp.so (Linux version).
>
> This will not cause any problem in everyday use of OpenOffice unless
> you need to open files created with the 1997 or earlier versions of
> "Hangul Word Processor" (it is really unlikely that you need it; if you
> need Hangul support you surely know it, and if you have never heard of it
> you do not need it). The vast majority of users can therefore delete the
> library and live perfectly well without this feature.
>
> The bug will be fixed in the next version (OpenOffice 4.1.2).
>
> Bye,
>   Andrea.
>

Re: [utenti-it] I: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
On 27/04/2015 Tassi Pierluigi wrote:
> I am forwarding you this security advisory that appeared on the international mailing lists.
> CVE-2015-1774
> OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability

For more information in English:
http://www.openoffice.org/security/bulletin.html

In practice, the advice is to delete (or rename) the 
library hwp.dll (Windows version), libhwp.dylib (Mac version: at the link 
you will find detailed instructions in English), libhwp.so (Linux version).

This will not cause any problem in everyday use of OpenOffice 
unless you need to open files created with the 1997 or earlier 
versions of "Hangul Word Processor" (it is really unlikely that you 
need it; if you need Hangul support you surely know it, 
and if you have never heard of it you do not need it). The vast 
majority of users can therefore delete the library and live 
perfectly well without this feature.

The bug will be fixed in the next version (OpenOffice 4.1.2).

Bye,
   Andrea.



[utenti-it] I: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Tassi Pierluigi <PT...@Regione.Emilia-Romagna.it>.
Hello everyone,
	I am forwarding you this security advisory that appeared on the international mailing lists.

----
Kind regards, Pierluigi Tassi


-----Original Message-----
From: Herbert Duerr [mailto:hdu@apache.org] 
Sent: Saturday, 25 April 2015 21:14
To: announce@openoffice.apache.org; dev@openoffice.apache.org; users@openoffice.apache.org
Subject: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a denial of service (memory corruption and application crash) or possibly execution of arbitrary code by preparing specially crafted documents in the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

    All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in the "program" folder of their OpenOffice installation. On Windows it is named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is named "libhwp.so". Alternatively the library can be renamed to anything else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul Word Processor" versions from 1997 or older. Users of such documents are advised to convert their documents to other document formats such as OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.




Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
Larry Gusaas wrote:
> Go to the Applications folder in Finder
> Right click on OpenOffice.app
> Click on "Show Package Contents"
> Then search for the file with Finder's search function, or
> Look for it in the folder "Contents/MacOS"

Thank you Larry for the detailed information, as usual. Since we've 
already seen a couple of e-mails asking for this, I copy-pasted your 
instructions to the web version of the bulletin:
http://www.openoffice.org/security/bulletin.html

If you'd like to be credited for that, please let us know what to add to 
the page; I've omitted your name simply to avoid that people find the 
page when looking for more information and then annoy you with support 
requests.

Regards,
   Andrea.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@openoffice.apache.org
For additional commands, e-mail: users-help@openoffice.apache.org


Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Larry Gusaas <la...@gmail.com>.
On 2015-04-25, 8:03 PM Julian Thomas wrote:
>> On Apr 25, 2015, at 15:13, Herbert Duerr <hd...@apache.org> wrote:
>>
>> on Mac it is named "libhwp.dylib"
> Easy find did not turn up this file in either my user directory or in the system directory.

Go to the Applications folder in Finder
Right click on OpenOffice.app
Click on "Show Package Contents"
Then search for the file with Finder's search function, or
Look for it in the folder "Contents/MacOS"

-- 
_________________________________

Larry I. Gusaas
Moose Jaw, Saskatchewan Canada
Website: http://larry-gusaas.com
"An artist is never ahead of his time but most people are far behind theirs." - Edgard Varese





Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Julian Thomas <jt...@jt-mj.net>.
> On Apr 25, 2015, at 15:13, Herbert Duerr <hd...@apache.org> wrote:
> 
> on Mac it is named "libhwp.dylib"

Easy find did not turn up this file in either my user directory or in the system directory.

 —
jt - jt@jt-mj.net

There are 3 kinds of people: those who can count & those who can't. 









RE: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by chuck ef <ch...@hotmail.com>.
In the bulletin below: 
"...on Mac it is named "libhwp.dylib" (step-by-step instructions: go to the Applications folder in Finder; right click on OpenOffice.app; click on "Show Package Contents"; then search for the file "libhwp.dylib" with Finder's search function, or Look for it in the folder "Contents/MacOS"; then delete the file)...".
That library is indeed in "Contents/MacOS"; however, using the Finder search function on "libhwp.dylib" did not turn anything up. I presume Apple hides those things. (I am on an iMac, 10.10.3.)
I found that library, renamed it, and then brought up a spreadsheet and a document - seems OK. Just FYI.


> Date: Sun, 26 Apr 2015 18:41:13 +0200
> From: pescetti@apache.org
> To: users@openoffice.apache.org
> Subject: Re: Fwd: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
> 
> Simon Phipps wrote:
> > Does this defect also affect OpenOffice.org or only Apache OpenOffice? The
> > text at http://www.openoffice.org/security/cves/CVE-2015-1774.html does not
> > say specifically.
> 
> Updated, thanks.
> 
> Andrea
> 

RE: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by chuck ef <ch...@hotmail.com>.
Tried it (again) as advertised and the search did not turn it up. However, as I said, simply going to the folder did turn up the specified file. 

> To: users@openoffice.apache.org
> From: larry.gusaas@gmail.com
> Subject: Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
> Date: Sun, 26 Apr 2015 12:47:18 -0600
> 
> On 2015-04-26, 12:19 PM chuck ef wrote:
> > In the bulletin below:
> > "...on Mac it is named "libhwp.dylib" (step-by-step instructions: go to the Applications folder in Finder; right click on OpenOffice.app; click on "Show Package Contents"; then search for the file "libhwp.dylib" with Finder's search function, or Look for it in the folder "Contents/MacOS"; then delete the file)...".
> > That library is indeed in "Contents/MacOS"; however, using the Finder search function on "libhwp.dylib" did not turn anything up. I presume Apple hides those things. (I am on an iMac, 10.10.3.)
> > I found that library, renamed it, and then brought up a spreadsheet and a document - seems OK. Just FYI.
> 
> The search function in Finder works AFTER you have clicked on "Show Package Contents".
> 
> The instructions have to be followed in the order given. Otherwise the search won't work.
> 
> -- 
> _________________________________
> 
> Larry I. Gusaas
> Moose Jaw, Saskatchewan Canada
> Website: http://larry-gusaas.com
> "An artist is never ahead of his time but most people are far behind theirs." - Edgard Varese
> 
> 
> 

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by chuck ef <ch...@hotmail.com>.
Must be

Sent from my iPhone

> On Apr 26, 2015, at 3:40 PM, Larry Gusaas <la...@gmail.com> wrote:
> 
>> On 2015-04-26, 2:27 PM chuck ef wrote:
>> Tried it (again) as advertised and the search did not turn it up. However, as I said, simply going to the folder did turn up the specified file.
> 
> Works for me every-time. Checked in other apps and search works for anything in the Contents folder.
> 
> Must be user error.
> 
>>> To: users@openoffice.apache.org
>>> From: larry.gusaas@gmail.com
>>> Subject: Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
>>> Date: Sun, 26 Apr 2015 12:47:18 -0600
>>> 
>>> The search function in Finder works AFTER you have clicked on "Show Package Contents".
>>> 
>>> The instructions have to be followed in the order given. Otherwise the search won't work.
> 
> -- 
> _________________________________
> 
> Larry I. Gusaas
> Moose Jaw, Saskatchewan Canada
> Website: http://larry-gusaas.com
> "An artist is never ahead of his time but most people are far behind theirs." - Edgard Varese
> 
> 
> 
> 



Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Larry Gusaas <la...@gmail.com>.
On 2015-04-26, 2:27 PM chuck ef wrote:
> Tried it (again) as advertised and the search did not turn it up. However, as I said, simply going to the folder did turn up the specified file.

Works for me every-time. Checked in other apps and search works for anything in the Contents 
folder.

Must be user error.

>> To: users@openoffice.apache.org
>> From: larry.gusaas@gmail.com
>> Subject: Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability
>> Date: Sun, 26 Apr 2015 12:47:18 -0600
>>
>> The search function in Finder works AFTER you have clicked on "Show Package Contents".
>>
>> The instructions have to be followed in the order given. Otherwise the search won't work.

-- 
_________________________________

Larry I. Gusaas
Moose Jaw, Saskatchewan Canada
Website: http://larry-gusaas.com
"An artist is never ahead of his time but most people are far behind theirs." - Edgard Varese





Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Larry Gusaas <la...@gmail.com>.
On 2015-04-26, 12:19 PM chuck ef wrote:
> In the bulletin below:
> "...on Mac it is named "libhwp.dylib" (step-by-step instructions: go to the Applications folder in Finder; right click on OpenOffice.app; click on "Show Package Contents"; then search for the file "libhwp.dylib" with Finder's search function, or Look for it in the folder "Contents/MacOS"; then delete the file)...".
> That library is indeed in "Contents/MacOS"; however, using the Finder search function on "libhwp.dylib" did not turn anything up. I presume Apple hides those things. (I am on an iMac, 10.10.3.)
> I found that library, renamed it, and then brought up a spreadsheet and a document - seems OK. Just FYI.

The search function in Finder works AFTER you have clicked on "Show Package Contents".

The instructions have to be followed in the order given. Otherwise the search won't work.

-- 
_________________________________

Larry I. Gusaas
Moose Jaw, Saskatchewan Canada
Website: http://larry-gusaas.com
"An artist is never ahead of his time but most people are far behind theirs." - Edgard Varese





Re: Fwd: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
Simon Phipps wrote:
> Does this defect also affect OpenOffice.org or only Apache OpenOffice? The
> text at http://www.openoffice.org/security/cves/CVE-2015-1774.html does not
> say specifically.

Updated, thanks.

Andrea



Re: Fwd: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Simon Phipps <si...@webmink.com>.
On Sun, Apr 26, 2015 at 5:04 PM, Andrea Pescetti <pe...@apache.org>
wrote:

> On 25/04/2015 William Marshall wrote:
>
>> I don't see anything about this on your website.
>>
>
> Thank you for noticing it. It is now listed here:
> http://www.openoffice.org/security/bulletin.html
>
>
Does this defect also affect OpenOffice.org or only Apache OpenOffice? The
text at http://www.openoffice.org/security/cves/CVE-2015-1774.html does not
say specifically.

S.

Re: Fwd: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
On 25/04/2015 William Marshall wrote:
> I don't see anything about this on your website.

Thank you for noticing it. It is now listed here:
http://www.openoffice.org/security/bulletin.html

Regards,
   Andrea.



Fwd: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by William Marshall <wr...@shaw.ca>.
I don't see anything about this on your website. Houston... do we have a 
problem here? Got this email at 12pm Pacific.

Bill


-------- Forwarded Message --------
Subject: 	CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS 
Vulnerability
Date: 	Sat, 25 Apr 2015 21:13:35 +0200
From: 	Herbert Duerr <hd...@apache.org>
Reply-To: 	announce@openoffice.apache.org
To: 	announce@openoffice.apache.org, dev@openoffice.apache.org, 
users@openoffice.apache.org



CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

     All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.






Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Jürgen Schmidt <jo...@gmail.com>.
On 29/04/15 21:53, Marcus wrote:
> On 04/29/2015 05:39 PM, jan i wrote:
>> On 29 April 2015 at 15:07, Simon Phipps<si...@webmink.com>  wrote:
>>
>>> On Wed, Apr 29, 2015 at 2:00 PM, Andrea Pescetti<pe...@apache.org>
>>> wrote:
>>>
>>>> Simon Phipps wrote:
>>>>
>>>>> Given this problem is not fixed in the current download, should the
>>>>> project
>>>>> suspend downloads until it can be addressed?
>>>>>
>>>>
>>>> This looks like a very extreme measure to take. The severity of the
>>>> issue
>>>> would not justify it.
>>>
>>>
>>> Can you explain that please? The CVE says "Severity: Important" and the
>>> effects are "a denial of service or possibly execution of arbitrary
>>> code by
>>> preparing specially crafted documents in the HWP document format."
>>>
>>> The fact we are unaware of current exploits does not mitigate the risk
>>> arising from distributing the software, and the rarity of the file
>>> format
>>> does not reduce the likelihood of it being used in an exploit. Maybe
>>> I am
>>> missing some of the context from the private security list?
>>>
>> It seems to be an extremely seldom-used feature, which makes the exploit
>> unlikely.
>>
>> I am with Andrea, stopping downloads would not be right in this case.
> 
> +1 I also don't see this as a reason to stop offering downloads.

Stopping the downloads is completely exaggerated. I personally have never
seen such a file besides test documents in real life. We have a
simple and effective workaround in place. Even Korean community members
on our l10n list have mentioned that the format is no longer relevant.

And of course we have analyzed the exploit and have decided to either
fix it for the next release or, as currently discussed, to drop it
completely to do away with a further obsolete format.

Why don't I wonder from whom this idea is coming ;-) And Simon, to be
serious, we take security issues very seriously. So for everyone who wants
to write something about security in AOO: security issues were and still
are a serious and important topic for AOO, and we analyze and decide what
to do for every single security issue.

Juergen

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Marcus <ma...@wtnet.de>.
On 04/29/2015 05:39 PM, jan i wrote:
> On 29 April 2015 at 15:07, Simon Phipps <si...@webmink.com> wrote:
>
>> On Wed, Apr 29, 2015 at 2:00 PM, Andrea Pescetti <pe...@apache.org>
>> wrote:
>>
>>> Simon Phipps wrote:
>>>
>>>> Given this problem is not fixed in the current download, should the
>>>> project
>>>> suspend downloads until it can be addressed?
>>>>
>>>
>>> This looks like a very extreme measure to take. The severity of the issue
>>> would not justify it.
>>
>>
>> Can you explain that please? The CVE says "Severity: Important" and the
>> effects are "a denial of service or possibly execution of arbitrary code by
>> preparing specially crafted documents in the HWP document format."
>>
>> The fact we are unaware of current exploits does not mitigate the risk
>> arising from distributing the software, and the rarity of the file format
>> does not reduce the likelihood of it being used in an exploit. Maybe I am
>> missing some of the context from the private security list?
>>
> It seems to be an extremely seldom-used feature, which makes the exploit
> unlikely.
>
> I am with Andrea, stopping downloads would not be right in this case.

+1 I also don't see this as a reason to stop offering downloads.

Marcus




Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by jan i <ja...@apache.org>.
On 29 April 2015 at 15:07, Simon Phipps <si...@webmink.com> wrote:

> On Wed, Apr 29, 2015 at 2:00 PM, Andrea Pescetti <pe...@apache.org>
> wrote:
>
> > Simon Phipps wrote:
> >
> >> Given this problem is not fixed in the current download, should the
> >> project
> >> suspend downloads until it can be addressed?
> >>
> >
> > This looks like a very extreme measure to take. The severity of the issue
> > would not justify it.
>
>
> Can you explain that please? The CVE says "Severity: Important" and the
> effects are "a denial of service or possibly execution of arbitrary code by
> preparing specially crafted documents in the HWP document format."
>
> The fact we are unaware of current exploits does not mitigate the risk
> arising from distributing the software, and the rarity of the file format
> does not reduce the likelihood of it being used in an exploit. Maybe I am
> missing some of the context from the private security list?
>
It seems to be an extremely seldom-used feature, which makes the exploit
unlikely.

I am with Andrea, stopping downloads would not be right in this case.

rgds
jan I.


>
> Thanks,
>
> S.
>

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Simon Phipps <si...@webmink.com>.
On Wed, Apr 29, 2015 at 2:00 PM, Andrea Pescetti <pe...@apache.org>
wrote:

> Simon Phipps wrote:
>
>> Given this problem is not fixed in the current download, should the
>> project
>> suspend downloads until it can be addressed?
>>
>
> This looks like a very extreme measure to take. The severity of the issue
> would not justify it.


Can you explain that please? The CVE says "Severity: Important" and the
effects are "a denial of service or possibly execution of arbitrary code by
preparing specially crafted documents in the HWP document format."

The fact we are unaware of current exploits does not mitigate the risk
arising from distributing the software, and the rarity of the file format
does not reduce the likelihood of it being used in an exploit. Maybe I am
missing some of the context from the private security list?

Thanks,

S.

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by jonathon <to...@gmail.com>.
On 29/04/15 13:00, Andrea Pescetti wrote:
> issue would not justify it. As far as I know, there are no known
> exploits and we are talking about a file format that is obsolete by all

Is this vulnerability exploited only by opening a file in HWP format, or
can it be exploited by any file?


jonathon



Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Andrea Pescetti <pe...@apache.org>.
Simon Phipps wrote:
> Given this problem is not fixed in the current download, should the project
> suspend downloads until it can be addressed?

This looks like a very extreme measure to take. The severity of the 
issue would not justify it. As far as I know, there are no known 
exploits and we are talking about a file format that is obsolete by all 
means.

Regards,
   Andrea.



Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution and DoS Vulnerability

Posted by Simon Phipps <si...@webmink.com>.
Given this problem is not fixed in the current download, should the project
suspend downloads until it can be addressed? Few of the people downloading
the package will be aware of this CVE or of the necessary mitigation
post-install.

S.


On Sat, Apr 25, 2015 at 8:13 PM, Herbert Duerr <hd...@apache.org> wrote:

> CVE-2015-1774
>
> OpenOffice HWP Filter Remote Code Execution and Denial of Service
> Vulnerability
>
> A vulnerability in OpenOffice's HWP filter allows attackers to cause a
> denial of service (memory corruption and application crash) or possibly
> execution of arbitrary code by preparing specially crafted documents in
> the HWP document format.
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
>
>     All Apache OpenOffice versions 4.1.1 and older are affected.
>
> Mitigation:
>
> Apache OpenOffice users are advised to remove the problematic library in
> the "program" folder of their OpenOffice installation. On Windows it is
> named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
> named "libhwp.so". Alternatively the library can be renamed to anything
> else e.g. "hwp_renamed.dll".
> This mitigation will drop AOO's support for documents created in "Hangul
> Word Processor" versions from 1997 or older. Users of such documents are
> advised to convert their documents to other document formats such as
> OpenDocument before doing so.
>
> Apache OpenOffice aims to fix the vulnerability in version 4.1.2.
>
> Credits:
>
> Thanks to an anonymous contributor working with VeriSign iDefense Labs.
>
>
>


-- 
*Simon Phipps*  http://webmink.com
*Office:* +1 (415) 683-7660 *or* +44 (238) 098 7027
*Mobile*:  +44 774 776 2816 *or Telegram <https://telegram.me/webmink>*