- Vulnerability/
- RHSA-2007:1048
RHSA-2007:1048: Moderate: openoffice.org, hsqldb security update
First published: Wed Dec 05 2007(Updated: )
OpenOffice.org is an office productivity suite.<br>HSQLDB is a Java relational database engine used by OpenOffice.org Base.<br>It was discovered that HSQLDB could allow the execution of arbitrary public<br>static Java methods. A carefully crafted odb file opened in OpenOffice.org<br>Base could execute arbitrary commands with the permissions of the user<br>running OpenOffice.org. (CVE-2007-4575)<br>It was discovered that HSQLDB did not have a password set on the 'sa' user.<br> If HSQLDB has been configured as a service, a remote attacker who could<br>connect to the HSQLDB port (tcp 9001) could execute arbitrary SQL commands.<br>(CVE-2003-0845)<br>Note that in Red Hat Enterprise Linux 5, HSQLDB is not enabled as a service<br>by default, and needs manual configuration in order to work as a service.<br>Users of OpenOffice.org or HSQLDB should update to these errata packages<br>which contain backported patches to correct these issues.
| Affected Software | Affected Version | How to fix |
|---|
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2007:1048
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type