Moderate: openoffice.org, hsqldb security update

Date: Thu, 6 Dec 2007 13:58:29 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA for openoffice.org, hsqldb on SL5.x i386/x86_64

Synopsis: Moderate: openoffice.org, hsqldb security update
Issue date: 2007-12-05
CVE Names: CVE-2003-0845 CVE-2007-4575

It was discovered that HSQLDB could allow the execution of arbitrary public static Java methods. A carefully crafted odb file opened in OpenOffice.org Base could execute arbitrary commands with the permissions of the user running OpenOffice.org. (CVE-2007-4575)

It was discovered that HSQLDB did not have a password set on the 'sa' user. If HSQLDB has been configured as a service, a remote attacker who could connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands. (CVE-2003-0845)

Note that in Scientific Linux 5, HSQLDB is not enabled as a service by default, and needs manual configuration in order to work as a service.
SL 5.x

SRPMS:
hsqldb-1.8.0.4-3jpp.6.src.rpm
openoffice.org-2.0.4-5.4.25.src.rpm

i386:
hsqldb-1.8.0.4-3jpp.6.i386.rpm
hsqldb-demo-1.8.0.4-3jpp.6.i386.rpm
hsqldb-javadoc-1.8.0.4-3jpp.6.i386.rpm
hsqldb-manual-1.8.0.4-3jpp.6.i386.rpm
openoffice.org-base-2.0.4-5.4.25.i386.rpm
openoffice.org-calc-2.0.4-5.4.25.i386.rpm
openoffice.org-core-2.0.4-5.4.25.i386.rpm
openoffice.org-draw-2.0.4-5.4.25.i386.rpm
openoffice.org-emailmerge-2.0.4-5.4.25.i386.rpm
openoffice.org-graphicfilter-2.0.4-5.4.25.i386.rpm
openoffice.org-impress-2.0.4-5.4.25.i386.rpm
openoffice.org-javafilter-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-af_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ar-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-as_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-bg_BG-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-bn-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ca_ES-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-cy_GB-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-da_DK-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-de-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-el_GR-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-es-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-et_EE-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-eu_ES-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-fi_FI-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-fr-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ga_IE-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-gl_ES-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-gu_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-he_IL-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-hi_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-hr_HR-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-hu_HU-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-it-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ja_JP-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-kn_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ko_KR-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-lt_LT-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ml_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-mr_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ms_MY-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-nb_NO-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-nl-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-nn_NO-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-or_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-pa_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-pl_PL-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-pt_BR-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-pt_PT-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ru-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-sk_SK-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-sl_SI-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-sr_CS-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-st_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-sv-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ta_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-te_IN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-th_TH-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-tr_TR-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ur-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-zh_CN-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-zh_TW-2.0.4-5.4.25.i386.rpm
openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.i386.rpm
openoffice.org-math-2.0.4-5.4.25.i386.rpm
openoffice.org-pyuno-2.0.4-5.4.25.i386.rpm
openoffice.org-testtools-2.0.4-5.4.25.i386.rpm
openoffice.org-writer-2.0.4-5.4.25.i386.rpm
openoffice.org-xsltfilter-2.0.4-5.4.25.i386.rpm

x86_64:
hsqldb-1.8.0.4-3jpp.6.x86_64.rpm
hsqldb-demo-1.8.0.4-3jpp.6.x86_64.rpm
hsqldb-javadoc-1.8.0.4-3jpp.6.x86_64.rpm
hsqldb-manual-1.8.0.4-3jpp.6.x86_64.rpm
openoffice.org-base-2.0.4-5.4.25.x86_64.rpm
openoffice.org-calc-2.0.4-5.4.25.x86_64.rpm
openoffice.org-core-2.0.4-5.4.25.x86_64.rpm
openoffice.org-draw-2.0.4-5.4.25.x86_64.rpm
openoffice.org-emailmerge-2.0.4-5.4.25.x86_64.rpm
openoffice.org-graphicfilter-2.0.4-5.4.25.x86_64.rpm
openoffice.org-impress-2.0.4-5.4.25.x86_64.rpm
openoffice.org-javafilter-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-af_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ar-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-as_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-bg_BG-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-bn-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ca_ES-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-cs_CZ-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-cy_GB-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-da_DK-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-de-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-el_GR-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-es-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-et_EE-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-eu_ES-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-fi_FI-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-fr-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ga_IE-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-gl_ES-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-gu_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-he_IL-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-hi_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-hr_HR-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-hu_HU-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-it-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ja_JP-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-kn_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ko_KR-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-lt_LT-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ml_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-mr_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ms_MY-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-nb_NO-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-nl-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-nn_NO-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-nr_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-nso_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-or_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-pa_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-pl_PL-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-pt_BR-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-pt_PT-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ru-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-sk_SK-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-sl_SI-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-sr_CS-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ss_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-st_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-sv-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ta_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-te_IN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-th_TH-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-tn_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-tr_TR-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ts_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ur-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-ve_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-xh_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-zh_CN-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-zh_TW-2.0.4-5.4.25.x86_64.rpm
openoffice.org-langpack-zu_ZA-2.0.4-5.4.25.x86_64.rpm
openoffice.org-math-2.0.4-5.4.25.x86_64.rpm
openoffice.org-pyuno-2.0.4-5.4.25.x86_64.rpm
openoffice.org-testtools-2.0.4-5.4.25.x86_64.rpm
openoffice.org-writer-2.0.4-5.4.25.x86_64.rpm
openoffice.org-xsltfilter-2.0.4-5.4.25.x86_64.rpm

-Connie Sieh
-Troy Dawson
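Added example, not part of the original advisory: a host check that flags installed hsqldb and openoffice.org packages older than the fixed builds listed above, and reports non-loopback listeners on the HSQLDB port (tcp 9001). It assumes input lines from `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and `netstat -ltn`; the version comparison is a simplified form of RPM's ordering, and the sample lines are constructed.

```python
import re

# Fixed builds named in this advisory: source package -> (version, release).
FIXED = {"hsqldb": ("1.8.0.4", "3jpp.6"), "openoffice.org": ("2.0.4", "5.4.25")}
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM version compare (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def outdated(rpm_lines):
    """Packages older than the fixed build, as [(name, 'version-release')]."""
    hits = []
    for line in rpm_lines:
        name, _, rest = line.partition(" ")
        # Subpackages (hsqldb-demo, openoffice.org-base, ...) share the source package's build.
        base = next((b for b in FIXED if name == b or name.startswith(b + "-")), None)
        if base is None or len(rest.split()) != 2:
            continue
        ver, rel = rest.split()
        fver, frel = FIXED[base]
        if (rpmvercmp(ver, fver) or rpmvercmp(rel, frel)) < 0:
            hits.append((name, f"{ver}-{rel}"))
    return hits

def hsqldb_listeners(netstat_lines, port="9001"):
    """Non-loopback local addresses listening on the HSQLDB port (netstat -ltn)."""
    found = []
    for line in netstat_lines:
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[-1] == "LISTEN":
            host, _, p = f[3].rpartition(":")
            if p == port and host not in ("127.0.0.1", "::1"):
                found.append(f[3])
    return found

# Constructed sample input (not taken from a real host).
RPM_SAMPLE = ["hsqldb 1.8.0.4 3jpp.4", "openoffice.org-base 2.0.4 5.4.25",
              "openoffice.org-core 2.0.4 5.4.17.1", "bash 3.2 21.el5"]
NETSTAT_SAMPLE = ["tcp 0 0 0.0.0.0:9001 0.0.0.0:* LISTEN",
                  "tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN"]
```

A non-empty result from `hsqldb_listeners` means HSQLDB may be reachable as a service, which is the precondition the advisory gives for CVE-2003-0845.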
A security bulletin has been released for openoffice.org and hsqldb on Scientific Linux, addressing vulnerabilities related to SQL commands that may threaten databases' integrity.

Severity: Important. LinuxSecurity.com Team
Dec 06, 2007