[openoffice.org] [CVE-2007-4575] Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
Bug #174112 reported by
disabled.user
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| hsqldb (Gentoo Linux) |
Fix Released
|
Medium
|
|||
| openoffice.org (Gentoo Linux) |
Fix Released
|
High
|
|||
| openoffice.org (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
| Dapper |
Fix Released
|
Critical
|
Kees Cook | ||
| Edgy |
Won't Fix
|
Critical
|
Kees Cook | ||
| Feisty |
Fix Released
|
Critical
|
Kees Cook | ||
| Gutsy |
Fix Released
|
Critical
|
Kees Cook | ||
Bug Description
Binary package hint: openoffice.org
References:
http://
Quoting:
"A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user."
CVE References
| Changed in openoffice.org: | |
| assignee: | nobody → ccheney |
| importance: | Undecided → Critical |
| status: | New → Confirmed |
Revision history for this message
| Chris Cheney (ccheney) wrote | #1 |
Revision history for this message
| NoOp (glgxg) wrote | #2 |
Revision history for this message
| Chris Cheney (ccheney) wrote | #3 |
| Changed in openoffice.org: | |
| status: | Confirmed → In Progress |
| Changed in hsqldb: | |
| status: | Unknown → Fix Released |
| Changed in openoffice.org: | |
| status: | Unknown → Fix Released |
| Changed in openoffice.org: | |
| assignee: | ccheney → nobody |
| status: | In Progress → Fix Released |
| assignee: | nobody → ccheney |
| importance: | Undecided → Critical |
| status: | New → In Progress |
| assignee: | nobody → ccheney |
| importance: | Undecided → Critical |
| status: | New → In Progress |
| assignee: | nobody → ccheney |
| importance: | Undecided → Critical |
| status: | New → In Progress |
| assignee: | nobody → ccheney |
| importance: | Undecided → Critical |
| status: | New → In Progress |
Revision history for this message
| Chris Cheney (ccheney) wrote | #4 |
Revision history for this message
| disabled.user (disabled.user-deactivatedaccount) wrote | #5 |
Revision history for this message
| Kees Cook (kees) wrote Re: [Bug 174112] Re: [openoffice.org] [CVE-2007-4575] Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) | #6 |
Revision history for this message
| Kees Cook (kees) wrote | #7 |
| Changed in openoffice.org: | |
| assignee: | ccheney → keescook |
| status: | In Progress → Won't Fix |
| assignee: | ccheney → keescook |
| status: | In Progress → Fix Released |
| assignee: | ccheney → keescook |
| status: | In Progress → Fix Released |
| assignee: | ccheney → keescook |
| status: | In Progress → Fix Released |
| Changed in openoffice.org (Gentoo Linux): | |
| importance: | Unknown → High |
| Changed in hsqldb (Gentoo Linux): | |
| importance: | Unknown → Medium |
To post a comment you must log in.
I'm sorry I didn't respond to this bug earlier. I am working with the hsqldb author on a fix that won't require any changes to the openoffice.org codebase which allows us to not have to push as much data out. Hopefully this will be rolled out by the end of the week.
Thanks,
Chris Cheney