ID de Prueba:	1.3.6.1.4.1.25623.1.0.59934
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:1090
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:1090. OpenOffice.org is an office productivity suite. HSQLDB is the default database engine shipped with OpenOffice.org 2. It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575) All users of OpenOffice.org are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-1090.html http://www.openoffice.org/security/cves/CVE-2007-4575.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2007-4575 BugTraq ID: 26703 http://www.securityfocus.com/bid/26703 Debian Security Information: DSA-1419 (Google Search) http://www.debian.org/security/2007/dsa-1419 https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00753.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00134.html https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00678.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00155.html http://www.redhat.com/archives/fedora-package-announce/2007-December/msg00281.html http://www.gentoo.org/security/en/glsa/glsa-200712-25.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:095 http://bugs.gentoo.org/show_bug.cgi?id=200771 http://bugs.gentoo.org/show_bug.cgi?id=201799 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10153 http://www.redhat.com/support/errata/RHSA-2007-1048.html http://www.redhat.com/support/errata/RHSA-2007-1090.html http://www.redhat.com/support/errata/RHSA-2008-0151.html http://www.redhat.com/support/errata/RHSA-2008-0158.html http://www.redhat.com/support/errata/RHSA-2008-0213.html http://www.securitytracker.com/id?1019041 http://secunia.com/advisories/27914 http://secunia.com/advisories/27916 http://secunia.com/advisories/27928 http://secunia.com/advisories/27931 http://secunia.com/advisories/27972 http://secunia.com/advisories/28018 http://secunia.com/advisories/28039 http://secunia.com/advisories/28286 http://secunia.com/advisories/28585 http://secunia.com/advisories/30100 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103141-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200637-1 SuSE Security Announcement: SUSE-SA:2007:067 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2007-12/msg00005.html http://www.ubuntu.com/usn/usn-609-1 http://www.vupen.com/english/advisories/2007/4092 http://www.vupen.com/english/advisories/2007/4146 XForce ISS Database: openoffice-hsqldb-code-execution(38882) https://exchange.xforce.ibmcloud.com/vulnerabilities/38882
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.