Rapid7 Vulnerability & Exploit Database

CESA-2007:1048: openoffice.org, hsqldb security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 12/05/2007
Created: 07/25/2018
Added: 03/12/2010
Modified: 07/04/2017

Description

OpenOffice.org is an office productivity suite. HSQLDB is a Java relational database engine used by OpenOffice.org Base.

It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845)

Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service.

Users of OpenOffice.org or HSQLDB should update to these errata packages which contain backported patches to correct these issues.

Solution(s)

  • centos-upgrade-hsqldb
  • centos-upgrade-hsqldb-demo
  • centos-upgrade-hsqldb-javadoc
  • centos-upgrade-hsqldb-manual
  • centos-upgrade-openoffice-org-base
  • centos-upgrade-openoffice-org-calc
  • centos-upgrade-openoffice-org-core
  • centos-upgrade-openoffice-org-draw
  • centos-upgrade-openoffice-org-emailmerge
  • centos-upgrade-openoffice-org-graphicfilter
  • centos-upgrade-openoffice-org-impress
  • centos-upgrade-openoffice-org-javafilter
  • centos-upgrade-openoffice-org-langpack-af_za
  • centos-upgrade-openoffice-org-langpack-ar
  • centos-upgrade-openoffice-org-langpack-as_in
  • centos-upgrade-openoffice-org-langpack-bg_bg
  • centos-upgrade-openoffice-org-langpack-bn
  • centos-upgrade-openoffice-org-langpack-ca_es
  • centos-upgrade-openoffice-org-langpack-cs_cz
  • centos-upgrade-openoffice-org-langpack-cy_gb
  • centos-upgrade-openoffice-org-langpack-da_dk
  • centos-upgrade-openoffice-org-langpack-de
  • centos-upgrade-openoffice-org-langpack-el_gr
  • centos-upgrade-openoffice-org-langpack-es
  • centos-upgrade-openoffice-org-langpack-et_ee
  • centos-upgrade-openoffice-org-langpack-eu_es
  • centos-upgrade-openoffice-org-langpack-fi_fi
  • centos-upgrade-openoffice-org-langpack-fr
  • centos-upgrade-openoffice-org-langpack-ga_ie
  • centos-upgrade-openoffice-org-langpack-gl_es
  • centos-upgrade-openoffice-org-langpack-gu_in
  • centos-upgrade-openoffice-org-langpack-he_il
  • centos-upgrade-openoffice-org-langpack-hi_in
  • centos-upgrade-openoffice-org-langpack-hr_hr
  • centos-upgrade-openoffice-org-langpack-hu_hu
  • centos-upgrade-openoffice-org-langpack-it
  • centos-upgrade-openoffice-org-langpack-ja_jp
  • centos-upgrade-openoffice-org-langpack-kn_in
  • centos-upgrade-openoffice-org-langpack-ko_kr
  • centos-upgrade-openoffice-org-langpack-lt_lt
  • centos-upgrade-openoffice-org-langpack-ml_in
  • centos-upgrade-openoffice-org-langpack-mr_in
  • centos-upgrade-openoffice-org-langpack-ms_my
  • centos-upgrade-openoffice-org-langpack-nb_no
  • centos-upgrade-openoffice-org-langpack-nl
  • centos-upgrade-openoffice-org-langpack-nn_no
  • centos-upgrade-openoffice-org-langpack-nr_za
  • centos-upgrade-openoffice-org-langpack-nso_za
  • centos-upgrade-openoffice-org-langpack-or_in
  • centos-upgrade-openoffice-org-langpack-pa_in
  • centos-upgrade-openoffice-org-langpack-pl_pl
  • centos-upgrade-openoffice-org-langpack-pt_br
  • centos-upgrade-openoffice-org-langpack-pt_pt
  • centos-upgrade-openoffice-org-langpack-ru
  • centos-upgrade-openoffice-org-langpack-sk_sk
  • centos-upgrade-openoffice-org-langpack-sl_si
  • centos-upgrade-openoffice-org-langpack-sr_cs
  • centos-upgrade-openoffice-org-langpack-ss_za
  • centos-upgrade-openoffice-org-langpack-st_za
  • centos-upgrade-openoffice-org-langpack-sv
  • centos-upgrade-openoffice-org-langpack-ta_in
  • centos-upgrade-openoffice-org-langpack-te_in
  • centos-upgrade-openoffice-org-langpack-th_th
  • centos-upgrade-openoffice-org-langpack-tn_za
  • centos-upgrade-openoffice-org-langpack-tr_tr
  • centos-upgrade-openoffice-org-langpack-ts_za
  • centos-upgrade-openoffice-org-langpack-ur
  • centos-upgrade-openoffice-org-langpack-ve_za
  • centos-upgrade-openoffice-org-langpack-xh_za
  • centos-upgrade-openoffice-org-langpack-zh_cn
  • centos-upgrade-openoffice-org-langpack-zh_tw
  • centos-upgrade-openoffice-org-langpack-zu_za
  • centos-upgrade-openoffice-org-math
  • centos-upgrade-openoffice-org-pyuno
  • centos-upgrade-openoffice-org-testtools
  • centos-upgrade-openoffice-org-writer
  • centos-upgrade-openoffice-org-xsltfilter
