OpenOffice Update Component Lack of Digital Signatures Lets Remote Users Install Arbitrary Code in Certain Cases
|
|
SecurityTracker Alert ID: 1020583
|
|
SecurityTracker URL: http://securitytracker.com/id?1020583
|
|
CVE Reference: CVE-2008-3437
(Links to External Site)
|
Updated: Aug 7 2008
|
Original Entry Date: Jul 31 2008
|
Impact: Modification of system information, User access via network
|
Exploit Included: Yes
|
Description: A vulnerability was reported in OpenOffice. A remote user with the ability to masquerade as the update server can install arbitrary code on the target user's system.
The update software does not digitally sign and verify software updates. A remote user with the ability to masquerade as the update
server can cause arbitrary code to be installed on the target user's system when the target user's OpenOffice update utility performs
an update.
A remote user can conduct DNS spoofing attacks, man-in-the-middle attacks, or other methods to potentially masquerade
as the update server.
A demonstration exploit is available at:
http://www.infobyte.com.ar/developments.html
Francisco Amato
of Infobyte Security Research reported this vulnerability.
|
Impact: A remote user with the ability to spoof the DNS or conduct a man-in-the-middle attack can install arbitrary code on the target user's system.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.openoffice.org/ (Links to External Site)
|
Cause: Authentication error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: "[ISR] - Infobyte Security Research" <noreply@infobyte.com.ar>
|
Message History:
None.
|
Source Message Contents
|
Date: Mon, 28 Jul 2008 07:19:54 -0300
From: "[ISR] - Infobyte Security Research" <noreply@infobyte.com.ar>
Subject: [Full-disclosure] Tool release: [evilgrade] - Using DNS cache
|
-- ISR - Infobyte Security Research
-- | ISR-evilgrade | www.infobyte.com.ar |
ISR-evilgrade: is a modular framework that allow us to take advantage of poor upgrade implementations
by injecting fake updates.
* How does it work?
It works with modules, each module implements the structure needed to emulate a false update of speci
fic applications/systems.
Evilgrade needs the manipulation of the victim dns traffic.
Attack vectors:
---------------------
Internal scenary: (Internal DNS access,ARP spoofing,DNS Cache Poisoning, DHCP spoofing)
External scenary: (Internal DNS access,DNS Cache Poisoning)
* What are the supported OS?
The framework is multiplaform, it only depends of having the right payload for the target platform to
be exploited.
Implemented modules:
---------------------------------
- Java plugin
- Winzip
- Winamp
- MacOS
- OpenOffices
- iTunes
- Linkedin Toolbar
- DAP [Download Accelerator]
- notepad++
- speedbit
..:: DEMO
Demo feature - (Java plugin + Dan Kaminsky´s Dns vulnerability) = remote pwned.
http://www.infobyte.com.ar/demo/evilgrade.htm
..:: AUTHOR
Francisco Amato
famato+at+infobyte+dot+com+dot+ar
..:: DOWNLOAD
http://www.infobyte.com.ar/developments.html
..:: MORE INFORMATION
Presentation:
http://www.infobyte.com.ar/down/Francisco-Amato-evilgrade-ENG.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
|
|
