Red Hat RHSA-2007:1048
Dec 05, 2007 - 12:00 a.m.

(RHSA-2007:1048) Moderate: openoffice.org, hsqldb security update

2007-12-05 00:00:00
access.redhat.com

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.109 Low
Percentile: 94.5%

OpenOffice.org is an office productivity suite.
HSQLDB is a Java relational database engine used by OpenOffice.org Base.

It was discovered that HSQLDB could allow the execution of arbitrary public
static Java methods. A carefully crafted odb file opened in OpenOffice.org
Base could execute arbitrary commands with the permissions of the user
running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the ‘sa’ user.
If HSQLDB has been configured as a service, a remote attacker who could
connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.
(CVE-2003-0845)

Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service
by default, and needs manual configuration in order to work as a service.
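
A local check for the exposure described above (HSQLDB configured as a service and reachable on tcp 9001), added here as an example and not part of the Red Hat advisory. The function names and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): report listeners on the HSQLDB
# port named in the advisory (tcp 9001) that are bound to a non-loopback
# address. Usage on a host:  ss -ltn | hsqldb_port_check

HSQLDB_PORT=9001

# Read `ss -ltn` output on stdin; print each non-loopback local address
# that is listening on $HSQLDB_PORT, one per line.
hsqldb_exposed_listeners() {
    awk -v port="$HSQLDB_PORT" '
        $1 == "LISTEN" {
            laddr = $4                       # "Local Address:Port" column
            n = match(laddr, /:[0-9]+$/)     # port follows the last colon
            if (n == 0) next
            addr = substr(laddr, 1, n - 1)
            # Exact string match on the port, so 19001 is ignored.
            if (substr(laddr, n + 1) != port) next
            # Loopback-only binds cannot be reached from another host.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# Exit status 0 when nothing is exposed, 1 otherwise.
hsqldb_port_check() {
    exposed=$(hsqldb_exposed_listeners)
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed" | sed "s|^|tcp/$HSQLDB_PORT is listening on |"
    return 1
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       50      127.0.0.1:9001      0.0.0.0:*
LISTEN  0       50      *:9001              *:*
LISTEN  0       50      [::]:9001           [::]:*
LISTEN  0       50      192.0.2.10:19001    0.0.0.0:*
EOF
}
```

A listener reported by this check only shows that the port is reachable; whether the ‘sa’ account still has no password has to be verified against the HSQLDB configuration itself.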

Users of OpenOffice.org or HSQLDB should update to these errata packages
which contain backported patches to correct these issues.
