ID de Prueba:	1.3.6.1.4.1.25623.1.0.59933
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:1048
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:1048. OpenOffice.org is an office productivity suite. HSQLDB is a Java relational database engine used by OpenOffice.org Base. It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575) It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845) Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service. Users of OpenOffice.org or HSQLDB should update to these errata packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1048.html http://www.openoffice.org/security/cves/CVE-2007-4575.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0845 BugTraq ID: 8773 http://www.securityfocus.com/bid/8773 Bugtraq: 20031005 JBoss 3.2.1: Remote Command Injection (Google Search) http://marc.info/?l=bugtraq&m=106546044416498&w=2 Bugtraq: 20031006 Update JBoss 308 & 321: Remote Command Injection (Google Search) http://marc.info/?l=bugtraq&m=106547728803252&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11300 http://www.redhat.com/support/errata/RHSA-2007-1048.html http://secunia.com/advisories/27914 Common Vulnerability Exposure (CVE) ID: CVE-2007-4575 BugTraq ID: 26703 http://www.securityfocus.com/bid/26703 Debian Security Information: DSA-1419 (Google Search) http://www.debian.org/security/2007/dsa-1419 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153 http://www.redhat.com/support/errata/RHSA-2007-1090.html http://www.redhat.com/support/errata/RHSA-2008-0151.html http://www.redhat.com/support/errata/RHSA-2008-0158.html http://www.redhat.com/support/errata/RHSA-2008-0213.html http://www.securitytracker.com/id?1019041 http://secunia.com/advisories/27916 http://secunia.com/advisories/27928 http://secunia.com/advisories/27931 http://secunia.com/advisories/27972 http://secunia.com/advisories/28018 http://secunia.com/advisories/28039 http://secunia.com/advisories/28286 http://secunia.com/advisories/28585 http://secunia.com/advisories/30100 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1 SuSE Security Announcement: SUSE-SA:2007:067 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html http://www.ubuntu.com/usn/usn-609-1 http://www.vupen.com/english/advisories/2007/4092 http://www.vupen.com/english/advisories/2007/4146 XForce ISS Database: openoffice-hsqldb-code-execution(38882) https://exchange.xforce.ibmcloud.com/vulnerabilities/38882
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.