Date: Thu, 2 Jun 2011 16:01:38 -0400 (EDT)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Caolán McNamara <caolanm@...hat.com>,
        David Tardon <dtardon@...hat.com>,
        Evgeny Legerov <admin@...evydis.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- OpenOffice.org -- InteVyDis Demo
 of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date
 May,2009)



----- Original Message -----
> Hello, Josh, Steve, vendors,
> 
> A new security flaw, potentially allowing execution of arbitrary code
> with the privileges of the user running the OpenOffice.org suite tools
> has been reported by the InteVyDis security researchers team:
> [1] http://intevydis.com/oo_0day.html
> [2] http://twitter.com/#!/legerov/status/75482755194032128
> 
> References:
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=709705
> 
> Unfortunately there doesn't seem to be further detailed information
> available right now. But from the Twitter post, it looks like this issue is
> still valid against OpenOffice.org v3.3.
> 
> Hopefully Evgeny Legerov of InteVyDis security researchers team (Cc-ed)
> could provide further background information about this issue, i.e.
> if it is an old issue (like date of 2009 would suggest) and thus a CVE
> identifier has been already assigned to this issue or is this completely
> new issue (which did not get fixed from 2009 till now) and thus it
> requires a new CVE id.
> 
> Evgeny, any further information you could provide here, to clear the CVE
> doubt is really appreciated.
> 
> Once the CVE doubt is cleared, could you allocate a CVE id for this issue?
> 

I'd say this is plenty to give a CVE ID.

Use CVE-2011-2177

Thanks.

-- 
    JB
