CentOS ProjectCESA-2007:1048hsqldb, openoffice.org security update
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.109 Low
EPSS
Percentile
95.2%
CentOS Errata and Security Advisory CESA-2007:1048
OpenOffice.org is an office productivity suite.
HSQLDB is a Java relational database engine used by OpenOffice.org Base.
It was discovered that HSQLDB could allow the execution of arbitrary public
static Java methods. A carefully crafted odb file opened in OpenOffice.org
Base could execute arbitrary commands with the permissions of the user
running OpenOffice.org. (CVE-2007-4575)
It was discovered that HSQLDB did not have a password set on the ‘sa’ user.
If HSQLDB has been configured as a service, a remote attacker who could
connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.
(CVE-2003-0845)
Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service
by default, and needs manual configuration in order to work as a service.
Users of OpenOffice.org or HSQLDB should update to these errata packages
which contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-January/076786.html
https://lists.centos.org/pipermail/centos-announce/2008-January/076787.html
Affected packages:
hsqldb
hsqldb-demo
hsqldb-javadoc
hsqldb-manual
openoffice.org-base
openoffice.org-calc
openoffice.org-core
openoffice.org-draw
openoffice.org-emailmerge
openoffice.org-graphicfilter
openoffice.org-impress
openoffice.org-javafilter
openoffice.org-langpack-af_ZA
openoffice.org-langpack-ar
openoffice.org-langpack-as_IN
openoffice.org-langpack-bg_BG
openoffice.org-langpack-bn
openoffice.org-langpack-ca_ES
openoffice.org-langpack-cs_CZ
openoffice.org-langpack-cy_GB
openoffice.org-langpack-da_DK
openoffice.org-langpack-de
openoffice.org-langpack-el_GR
openoffice.org-langpack-es
openoffice.org-langpack-et_EE
openoffice.org-langpack-eu_ES
openoffice.org-langpack-fi_FI
openoffice.org-langpack-fr
openoffice.org-langpack-ga_IE
openoffice.org-langpack-gl_ES
openoffice.org-langpack-gu_IN
openoffice.org-langpack-he_IL
openoffice.org-langpack-hi_IN
openoffice.org-langpack-hr_HR
openoffice.org-langpack-hu_HU
openoffice.org-langpack-it
openoffice.org-langpack-ja_JP
openoffice.org-langpack-kn_IN
openoffice.org-langpack-ko_KR
openoffice.org-langpack-lt_LT
openoffice.org-langpack-ml_IN
openoffice.org-langpack-mr_IN
openoffice.org-langpack-ms_MY
openoffice.org-langpack-nb_NO
openoffice.org-langpack-nl
openoffice.org-langpack-nn_NO
openoffice.org-langpack-nr_ZA
openoffice.org-langpack-nso_ZA
openoffice.org-langpack-or_IN
openoffice.org-langpack-pa_IN
openoffice.org-langpack-pl_PL
openoffice.org-langpack-pt_BR
openoffice.org-langpack-pt_PT
openoffice.org-langpack-ru
openoffice.org-langpack-sk_SK
openoffice.org-langpack-sl_SI
openoffice.org-langpack-sr_CS
openoffice.org-langpack-ss_ZA
openoffice.org-langpack-st_ZA
openoffice.org-langpack-sv
openoffice.org-langpack-ta_IN
openoffice.org-langpack-te_IN
openoffice.org-langpack-th_TH
openoffice.org-langpack-tn_ZA
openoffice.org-langpack-tr_TR
openoffice.org-langpack-ts_ZA
openoffice.org-langpack-ur
openoffice.org-langpack-ve_ZA
openoffice.org-langpack-xh_ZA
openoffice.org-langpack-zh_CN
openoffice.org-langpack-zh_TW
openoffice.org-langpack-zu_ZA
openoffice.org-math
openoffice.org-pyuno
openoffice.org-testtools
openoffice.org-writer
openoffice.org-xsltfilter
Upstream details at:
https://access.redhat.com/errata/RHSA-2007:1048
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| CentOS | 5 | i386 | hsqldb | < 1.8.0.4-3jpp.6 | hsqldb-1.8.0.4-3jpp.6.i386.rpm |
| CentOS | 5 | i386 | hsqldb-demo | < 1.8.0.4-3jpp.6 | hsqldb-demo-1.8.0.4-3jpp.6.i386.rpm |
| CentOS | 5 | i386 | hsqldb-javadoc | < 1.8.0.4-3jpp.6 | hsqldb-javadoc-1.8.0.4-3jpp.6.i386.rpm |
| CentOS | 5 | i386 | hsqldb-manual | < 1.8.0.4-3jpp.6 | hsqldb-manual-1.8.0.4-3jpp.6.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-base | < 2.0.4-5.4.25 | openoffice.org-base-2.0.4-5.4.25.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-calc | < 2.0.4-5.4.25 | openoffice.org-calc-2.0.4-5.4.25.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-core | < 2.0.4-5.4.25 | openoffice.org-core-2.0.4-5.4.25.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-draw | < 2.0.4-5.4.25 | openoffice.org-draw-2.0.4-5.4.25.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-emailmerge | < 2.0.4-5.4.25 | openoffice.org-emailmerge-2.0.4-5.4.25.i386.rpm |
| CentOS | 5 | i386 | openoffice.org-graphicfilter | < 2.0.4-5.4.25 | openoffice.org-graphicfilter-2.0.4-5.4.25.i386.rpm |
Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.9 High
AI Score
Confidence
Low
0.109 Low
EPSS
Percentile
95.2%