1 2 3 4 5 6

Vulnerabilidades rss pdf

Coordinación de Seguridad de la Información - UNAM-CERT -- DGTIC-UNAM

Vulnerabilidad de Seguridad UNAM-CERT-2005-512 Debian liberó una actualización para koffice.

Debian liberó una actualización para koffice. Esta repara una vulnerabilidad que puede explotarse para comprometer el sistema de un usuario.

  • Fecha de Liberación: 26-Oct-2005
  • Ultima Revisión: 26-Oct-2005
  • Fuente:

    Debian Security Advisory
    DSA-872-1 koffice

  • CVE ID: CAN-2005-2971
  • Riesgo Altamente crítico
  • Problema de Vulnerabilidad Remoto
  • Tipo de Vulnerabilidad Buffer overflow

Sistemas Afectados

Debian GNU/Linux 3.1 alias sarge KOffice < 1.3.5-4.sarge.1
Debian GNU/Linux unstable alias sid KOffice < 1.3.5-5
  1. Descripción

    Debian liberó una actualización para koffice. Esta repara una vulnerabilidad que puede explotarse por personas maliciosas para comprometer el sistema de un usuario.

    • Chris Evans encontró un desbordamiento de memoria en el modulo de importación de archivos RTF de KOffice. Un atacante puede explotarlo para ejecutar código arbitrario con los privilegios del usuario AbiWord, engañando al usuario a abrir un archivo RTF malicioso.

      Ver:
      Buffer Overflow en el importador de archivos RTF en KWord de KOffice.
      http://www.seguridad.unam.mx/vulnerabilidadesDB-vulne=4835

  2. Impacto

    Acceso al sistema.

  3. Solución

    Aplicar la actualización correspondiente.

    -- Debian GNU/Linux 3.1 alias sarge --

    Código fuente:
    http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1.dsc
    http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1.diff.gz
    http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5.orig.tar.gz

    Componentes para arquitectura independiente:
    http://security.debian.org/pool/updates/main/k/koffice/kivio-data_1.3.5-4.sarge.1_all.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-data_1.3.5-4.sarge.1_all.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-doc-html_1.3.5-4.sarge.1_all.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice_1.3.5-4.sarge.1_all.deb

    Alpha:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_alpha.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_alpha.deb

    AMD64:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_amd64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_amd64.deb

    ARM:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_arm.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_arm.deb

    Intel IA-32:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_i386.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_i386.deb

    Intel IA-64:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_ia64.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_ia64.deb

    HPPA:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_hppa.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_hppa.deb

    Motorola 680x0:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_m68k.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_m68k.deb

    Big endian MIPS:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_mips.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_mips.deb

    Little endian MIPS:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_mipsel.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_mipsel.deb

    PowerPC:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_powerpc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_powerpc.deb

    IBM S/390:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_s390.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_s390.deb

    Sun Sparc:
    http://security.debian.org/pool/updates/main/k/koffice/karbon_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kchart_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kformula_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kivio_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-dev_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koffice-libs_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/koshell_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kpresenter_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kspread_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kugar_1.3.5-4.sarge.1_sparc.deb
    http://security.debian.org/pool/updates/main/k/koffice/kword_1.3.5-4.sarge.1_sparc.deb

  4. Apéndices

    Mayor información.

    http://www.debian.org/security/2005/dsa-872
    http://www.seguridad.unam.mx/vulnerabilidadesDB-vulne=4835

La Coordinación de Seguridad de la Información/UNAM-CERT agradece el apoyo en la elaboración ó traducción y revisión de éste Documento a:

  • Floriberto López Velázquez (flopez at seguridad dot unam dot mx)

UNAM-CERT
Equipo de Respuesta a Incidentes UNAM
Coordinación de Seguridad de la Información

incidentes at seguridad.unam.mx
phishing at seguridad.unam.mx
http://www.cert.org.mx
http://www.seguridad.unam.mx
ftp://ftp.seguridad.unam.mx
Tel: 56 22 81 69
Fax: 56 22 80 47


Universidad Nacional Autonoma de México Aviso legal |  Créditos |  Staff |  Administración
Copyright © Todos los derechos reservados
UNAM - CERT