RHEL 5 : openoffice.org, hsqldb (RHSA-2007:1048)
high Nessus Plugin ID 63845
語系:
概要
遠端 Red Hat 主機缺少一個或多個安全性更新。說明
現已提供適用於 Red Hat Enterprise Linux 5 的更新版 openoffice.org 和 hsqldb 套件,可修正多個安全性瑕疵。Red Hat 安全性回應團隊已將此更新評等為具有中等安全性影響。
OpenOffice.org 是一款辦公套件。HSQLDB 是 OpenOffice.org Base 使用的 Java 關連式資料庫引擎。
據發現,HSQLDB 可允許執行任意公開靜態 Java 方法。在 OpenOffice.org Base 中開啟的特製 odb 檔案可以執行 OpenOffice.org 之使用者的權限執行任意命令。(CVE-2007-4575)
據發現,HSQLDB 並未對「sa」使用者設定密碼。若已將 HSQLDB 設定為服務,可連線至 HSQLDB 連接埠 (tcp 9001) 的遠端攻擊者可執行任意 SQL 命令。(CVE-2003-0845)
請注意,在 Red Hat Enterprise Linux 5 中,HSQLDB 預設未啟用為服務,且必須手動設定才能作為服務運作。
OpenOffice.org 或 HSQLDB 使用者應更新至這些錯字勘誤表套件,其中包含可更正這些問題的反向移植修補程式。
解決方案
更新受影響的套件。另請參閱
https://www.redhat.com/security/data/cve/CVE-2003-0845.html
https://www.redhat.com/security/data/cve/CVE-2007-4575.html
Plugin 詳細資訊
嚴重性: High
ID: 63845
檔案名稱: redhat-RHSA-2007-1048.nasl
版本: 1.9
類型: local
代理程式: unix
已發布: 2013/1/24
已更新: 2021/1/14
支援的感應器: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
風險資訊
VPR
風險因素: High
分數: 7.4
CVSS v2
風險因素: High
基本分數: 9.3
媒介: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
弱點資訊
CPE: p-cpe:/a:redhat:enterprise_linux:openoffice.org-pyuno, p-cpe:/a:redhat:enterprise_linux:openoffice.org-testtools, p-cpe:/a:redhat:enterprise_linux:openoffice.org-writer, p-cpe:/a:redhat:enterprise_linux:hsqldb, p-cpe:/a:redhat:enterprise_linux:hsqldb-demo, p-cpe:/a:redhat:enterprise_linux:hsqldb-javadoc, p-cpe:/a:redhat:enterprise_linux:hsqldb-manual, p-cpe:/a:redhat:enterprise_linux:openoffice.org-base, p-cpe:/a:redhat:enterprise_linux:openoffice.org-calc, p-cpe:/a:redhat:enterprise_linux:openoffice.org-core, p-cpe:/a:redhat:enterprise_linux:openoffice.org-draw, p-cpe:/a:redhat:enterprise_linux:openoffice.org-emailmerge, p-cpe:/a:redhat:enterprise_linux:openoffice.org-graphicfilter, p-cpe:/a:redhat:enterprise_linux:openoffice.org-impress, p-cpe:/a:redhat:enterprise_linux:openoffice.org-javafilter, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-af_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ar, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-as_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-bg_bg, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-bn, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ca_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-cs_cz, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-cy_gb, p-cpe:/a:redhat:enterprise_linux:openoffice.org-xsltfilter, cpe:/o:redhat:enterprise_linux:5, cpe:/o:redhat:enterprise_linux:5.1, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-da_dk, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-de, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-el_gr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-et_ee, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-eu_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-fi_fi, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-fr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ga_ie, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-gl_es, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-gu_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-he_il, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hi_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hr_hr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-hu_hu, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-it, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ja_jp, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-kn_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ko_kr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-lt_lt, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ml_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-mr_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ms_my, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nb_no, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nl, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nn_no, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nr_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-nso_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-or_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pa_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pl_pl, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pt_br, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-pt_pt, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ru, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sk_sk, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sl_si, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sr_cs, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ss_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-st_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-sv, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ta_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-te_in, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-th_th, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-tn_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-tr_tr, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ts_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ur, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-ve_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-xh_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zh_cn, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zh_tw, p-cpe:/a:redhat:enterprise_linux:openoffice.org-langpack-zu_za, p-cpe:/a:redhat:enterprise_linux:openoffice.org-math
必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2007/12/5
弱點發布日期: 2003/10/5
可惡意利用
CANVAS (CANVAS)
參考資訊
CVE: CVE-2003-0845, CVE-2007-4575