RHEL 5:openoffice.org、hsqldb (RHSA-2007:1048)
high Nessus 插件 ID 63845
语言:
简介
远程 Red Hat 主机缺少一个或多个安全更新。描述
更新后的 openoffice.org 和 hsqldb 程序包修复了安全问题,现在可用于 Red Hat Enterprise Linux 5。Red Hat 安全响应团队将此更新评级为具有中等安全影响。
OpenOffice.org 是一个办公应用套件。HSQLDB 是 OpenOffice.org Base 使用的 Java 关系数据库引擎。
已发现 HSQLDB 可允许执行任意公共静态 Java 方法。在 OpenOffice.org Base 中打开的精心构建的 odb 文件可以运行 OpenOffice.org 的用户权限执行任意命令。(CVE-2007-4575)
已发现 HSQLDB 未对“sa”用户设置密码。如果 HSQLDB 已配置为服务,能够连接到 HSQLDB 端口 (tcp 9001) 的远程攻击者可执行任意 SQL 命令。(CVE-2003-0845)
请注意,在 Red Hat Enterprise Linux 5 中,HSQLDB 默认未启用为服务,需要手动配置才可作为服务运行。
OpenOffice.org 或 HSQLDB 用户应更新到这些勘误表程序包,其中包含用于修正这些问题的向后移植的修补程序。
解决方案
更新受影响的数据包。另见
https://www.redhat.com/security/data/cve/CVE-2003-0845.html
https://www.redhat.com/security/data/cve/CVE-2007-4575.html
插件详情
严重性: High
ID: 63845
文件名: redhat-RHSA-2007-1048.nasl
版本: 1.9
类型: local
代理: unix
发布时间: 2013/1/24
最近更新时间: 2021/1/14
支持的传感器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
风险信息
VPR
风险因素: High
分数: 7.4
CVSS v2
风险因素: High
基本分数: 9.3
矢量: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
漏洞信息
CPE: p-cpe:/a:redhat:enterprise_linux:openoffice.org-pyuno, p-cpe:/a:redhat:enterprise_linux:openoffice.org-testtools, p-cpe:/a:redhat:enterprise_linux:openoffice.org-writer, p-cpe:/a:redhat:enterprise_linux:hsqldb, p-cpe:/a:redhat:enterprise_linux:hsqldb-demo, p-cpe:/a:redhat:enterprise_linux:hsqldb-javadoc, p-cpe:/a:redhat:enterprise_linux:hsqldb-manual, p-cpe:/a:redhat:enterprise_linux:openoffice.org-base, p-cpe:/a:redhat:enterprise_linux:openoffice.org-calc, p-cpe:/a:redhat:enterprise_linux:openoffice.org-core, p-cpe:/a:redhat:enterprise_linux:openoffice.org-draw, p-cpe:/a:redhat:enterprise_linux:openoffice.org-emailmerge, p-cpe:/a:redhat:enterprise_linux:openoffice.org-graphicfilter, p-cpe:/a:redhat:enterprise_linux:openoffice.org-impress, p-cpe:/a:redhat:enterprise_linux:openoffice.org-javafilter, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-af_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ar, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-as_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-bg_bg, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-bn, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ca_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-cs_cz, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-cy_gb, p-cpe:/a:redhat:enterprise_linux:openoffice.org-xsltfilter, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.1, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-da_dk, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-de, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-el_gr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-et_ee, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-eu_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-fi_fi, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-fr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ga_ie, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-gl_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-gu_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-he_il, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hi_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hr_hr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hu_hu, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-it, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ja_jp, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-kn_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ko_kr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-lt_lt, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ml_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-mr_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ms_my, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nb_no, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nl, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nn_no, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nr_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nso_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-or_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pa_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pl_pl, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pt_br, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pt_pt, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ru, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sk_sk, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sl_si, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sr_cs, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ss_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-st_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sv, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ta_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-te_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-th_th, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-tn_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-tr_tr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ts_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ur, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ve_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-xh_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zh_cn, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zh_tw, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zu_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-math
必需的 KB 项: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
可利用: true
易利用性: Exploits are available
补丁发布日期: 2007/12/5
漏洞发布日期: 2003/10/5
可利用的方式
CANVAS (CANVAS)
参考资料信息
CVE: CVE-2003-0845, CVE-2007-4575