[Solved] CVE-2015-1774: OpenOffice HWP Filter Remote...

Let us know how we are doing -

[Solved] CVE-2015-1774: OpenOffice HWP Filter Remote...

Postby 466385@tiscali.co.uk » Sun Apr 26, 2015 12:02 am

Hi all,

I've just pulled an email with the above title out of my spam folder. Is it genuine? Here's what it says:

Ian

CVE-2015-1774

OpenOffice HWP Filter Remote Code Execution and Denial of Service
Vulnerability

A vulnerability in OpenOffice's HWP filter allows attackers to cause a
denial of service (memory corruption and application crash) or possibly
execution of arbitrary code by preparing specially crafted documents in
the HWP document format.

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:

All Apache OpenOffice versions 4.1.1 and older are affected.

Mitigation:

Apache OpenOffice users are advised to remove the problematic library in
the "program" folder of their OpenOffice installation. On Windows it is
named "hwp.dll", on Mac it is named "libhwp.dylib" and on Linux it is
named "libhwp.so". Alternatively the library can be renamed to anything
else e.g. "hwp_renamed.dll".
This mitigation will drop AOO's support for documents created in "Hangul
Word Processor" versions from 1997 or older. Users of such documents are
advised to convert their documents to other document formats such as
OpenDocument before doing so.

Apache OpenOffice aims to fix the vulnerability in version 4.1.2.

Credits:

Thanks to an anonymous contributor working with VeriSign iDefense Labs.
Last edited by 466385@tiscali.co.uk on Mon Apr 27, 2015 9:33 am, edited 1 time in total.
OO latest version; Windows 7 X64 SP1
User avatar
466385@tiscali.co.uk
 
Posts: 81
Joined: Fri Jan 28, 2011 6:59 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby RoryOF » Sun Apr 26, 2015 6:03 am

This posting was sent to several of the Apache OpenOffice mailing lists signed by a known contributor to those lists. I have no reason to doubt its validity, but several list members have asked for confirmation.
Apache OpenOffice 4.1.7 on Xubuntu 20.04.1 (mostly 64 bit version) and very infrequently on Win2K/XP
User avatar
RoryOF
Moderator
 
Posts: 31543
Joined: Sat Jan 31, 2009 9:30 pm
Location: Ireland

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby 466385@tiscali.co.uk » Sun Apr 26, 2015 9:17 am

Sorry Rory. I may be becoming over-sensitive to word usage, thanks to the ongoing election, but that looks like a politician's answer! Surely somebody from Apache could/should grant official approval?

Ian
OO latest version; Windows 7 X64 SP1
User avatar
466385@tiscali.co.uk
 
Posts: 81
Joined: Fri Jan 28, 2011 6:59 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby RoryOF » Sun Apr 26, 2015 9:40 am

I can only tell you what I know. The original poster to the Apache lists is a known contributor - I'm not sure of his status (haven't time to check - fixing dishwasher!), but this vulnerability number shows up on
https://security-tracker.debian.org/tracker/CVE-2015-1774
and elsewhere.

List members on some of the Apache OpenOffice mailing lists have asked for confirmation that the messages were not an email hijack: on my inspection they do not appear to be so.

 Edit: Dishwasher sounds happy! Blocked input filters (at both ends of water input pipe) 


 Edit: Edit2: As for a "politician's answer", remember George Meredith's line in "Modern Love":
"Ah, what a dusty answer gets the soul
When hot for certainties in this our life!" 
Apache OpenOffice 4.1.7 on Xubuntu 20.04.1 (mostly 64 bit version) and very infrequently on Win2K/XP
User avatar
RoryOF
Moderator
 
Posts: 31543
Joined: Sat Jan 31, 2009 9:30 pm
Location: Ireland

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby 466385@tiscali.co.uk » Sun Apr 26, 2015 10:31 am

Thanks, Rory, and I'm glad the dishwasher's OK. I'll leave it a few days and see if any more positive proof turns up.

Yours,

Doubting Thomas
OO latest version; Windows 7 X64 SP1
User avatar
466385@tiscali.co.uk
 
Posts: 81
Joined: Fri Jan 28, 2011 6:59 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby pescetti » Sun Apr 26, 2015 6:19 pm

I confirm the message is genuine.

See http://www.openoffice.org/security/bulletin.html for more.

The vulnerability is expected to be fixed in our next release (OpenOffice 4.1.2), but you can apply the workaround described in the issue already now.

It is very unlikely that you need support for "Hangul Word Processor" versions from 1997 or older (and if you do, for sure you know it), so deleting or renaming the problematic library will not affect your ordinary usage of OpenOffice.
--
Andrea Pescetti - Apache OpenOffice PMC and security team member.
OpenOffice 4.1.2 Italian
pescetti
 
Posts: 25
Joined: Sat Feb 27, 2010 12:12 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby 466385@tiscali.co.uk » Sun Apr 26, 2015 11:37 pm

Thank you. Sorry to be so neurotic, but I've just spent 6 days in the care of a malware clean up expert.

Ian
OO latest version; Windows 7 X64 SP1
User avatar
466385@tiscali.co.uk
 
Posts: 81
Joined: Fri Jan 28, 2011 6:59 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby floris v » Mon Apr 27, 2015 9:19 am

One great way to get involved with malware is to publish your e-mail address.
AOO 4.1.6 op Linux Mint
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum
User avatar
floris v
Volunteer
 
Posts: 4206
Joined: Wed Nov 28, 2007 1:21 pm
Location: Netherlands

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby 466385@tiscali.co.uk » Mon Apr 27, 2015 9:36 am

Thanks, floris. BTW, I noted the green ink print below your post and tried to edit the title of the first post but couldn't. I added a green tick instead.

Ian
OO latest version; Windows 7 X64 SP1
User avatar
466385@tiscali.co.uk
 
Posts: 81
Joined: Fri Jan 28, 2011 6:59 pm

Re: CVE-2015-1774: OpenOffice HWP Filter Remote Execution an

Postby floris v » Mon Apr 27, 2015 9:38 am

Thank you for editing it, anyway. The title is too long, that's why you can't add text. :)
AOO 4.1.6 op Linux Mint
If your problem has been solved or your question has been answered, please edit the first post in this thread and add [Solved] to the title bar.
Nederlandstalig forum
User avatar
floris v
Volunteer
 
Posts: 4206
Joined: Wed Nov 28, 2007 1:21 pm
Location: Netherlands


Return to Site Feedback

Who is online

Users browsing this forum: No registered users and 2 guests