OpenOffice元字符远程Shell命令执行漏洞

admin
admin
admin
0
文章
0
评论
2022-07-23 01:51:01 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

OpenOffice元字符远程Shell命令执行漏洞

  • CNNVD编号:CNNVD-200703-506
  • 危害等级: 中危
  • CVE编号: CVE-2007-0239
  • 漏洞类型: 输入验证
  • 发布时间: 2007-03-21
  • 威胁类型: 远程
  • 更新时间: 2007-03-22
  • 厂        商: openoffice
  • 漏洞来源: Debian

漏洞简介

OpenOffice(OOo)是美国阿帕奇(Apache)软件基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。 OpenOffice没有正确地转义Shell元字符,如果用户受骗打开了恶意文档并点击了其中链接的话,就可能导致注入并执行任意shell命令。

漏洞公告

厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1270-1)以及相应补丁:

DSA-1270-1:New OpenOffice.org packages fix several vulnerabilities

链接: http://www.debian.org/security/2007/dsa-1270

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc

Size/MD5 checksum: 2878 6c4447f2bdd8cde4e10556eacb9aef80

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz

Size/MD5 checksum: 4630152 e9d9ee838f73572836b059f8033bdb35

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz

Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772

Architecture independent components:

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2648700 9dedff380f535381ca48fc23da8c74ae

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2696106 2eebd4484da0e9a4dcbde3b01e309ba7

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2692842 e2f0cce7f7ca75c26a55b2615a0d32a2

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3587952 02a0dcfd7d36cea6433365e4c9acd00f

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2664822 176c3bd0b24dc4a0700d558e7df15ddd

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3584442 b7a8d9b8b21a152537ef71d3dce56d54

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3455220 214fd0769fb967b22521b244a5f8e412

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2742946 04c91de4bb5b2b6d453ede296693889a

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3527040 738553a6850160b374d36b7a83f79370

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3563372 db130e40120c69626e950063eee07a3d

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2646546 5ebb68935e9a3eba761cc2574717339c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2670434 ed48f9c2f37fed09f741ce4f8a690bc5

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2675206 5f7d1dcd9a1e3ee8c9582da53300e8f4

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3496040 b65004e7d70e0bc6b94ce5fcba33f21c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2659162 dc858e988c2025cc37b76d1b21d400b8

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2661416 d3ad4533667aa90f52bed28b1525437c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2697048 b84ec1f9fa2561e4c2f344b6d6052986

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2772632 fcb6b507ff92c95c94a85f471a0fa522

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3557364 ed6dcc2203bb3329ce98c4e626a9ffa7

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3564910 59cbed0cba5644f4f428fa9cb5551c2d

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2686506 a7aa7937a1818cb63537746e961c2072

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3541338 a411e36d9d06b844628a1bbce51508f1

参考网址

来源: SECTRACK 名称: 1017799 链接:http://www.securitytracker.com/id?1017799 来源: VUPEN 名称: ADV-2007-1032 链接:http://www.frsirt.com/english/advisories/2007/1032 来源: DEBIAN 名称: DSA-1270 链接:http://www.debian.org/security/2007/dsa-1270 来源: issues.rpath.com 链接:https://issues.rpath.com/browse/RPL-1118 来源: issues.foresightlinux.org 链接:https://issues.foresightlinux.org/browse/FL-211 来源: XF 名称: openoffice-shell-command-execution(33113) 链接:http://xforce.iss.net/xforce/xfdb/33113 来源: UBUNTU 名称: USN-444-1 链接:http://www.ubuntu.com/usn/usn-444-1 来源: BID 名称: 22812 链接:http://www.securityfocus.com/bid/22812 来源: REDHAT 名称: RHSA-2007:0069 链接:http://www.redhat.com/support/errata/RHSA-2007-0069.HTML 来源: REDHAT 名称: RHSA-2007:0033 链接:http://www.redhat.com/support/errata/RHSA-2007-0033.HTML 来源: MANDRIVA 名称: MDKSA-2007:073 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:073 来源: GENTOO 名称: GLSA-200704-12 链接:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml 来源: VUPEN 名称: ADV-2007-1117 链接:http://www.frsirt.com/english/advisories/2007/1117 来源: SUNALERT 名称: 102807 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1 来源: SECUNIA 名称: 24906 链接:http://secunia.com/advisories/24906 来源: SECUNIA 名称: 24810 链接:http://secunia.com/advisories/24810 来源: SECUNIA 名称: 24676 链接:http://secunia.com/advisories/24676 来源: SECUNIA 名称: 24647 链接:http://secunia.com/advisories/24647 来源: SECUNIA 名称: 24646 链接:http://secunia.com/advisories/24646 来源: SECUNIA 名称: 24613 链接:http://secunia.com/advisories/24613 来源: SECUNIA 名称: 24588 链接:http://secunia.com/advisories/24588 来源: SECUNIA 名称: 24550 链接:http://secunia.com/advisories/24550 来源: SECUNIA 名称: 24465 链接:http://secunia.com/advisories/24465 来源: SUSE 名称: SUSE-SA:2007:023 链接:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.HTML

受影响实体

  • Openoffice Openoffice  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0