漏洞信息详情
OpenOffice元字符远程Shell命令执行漏洞
- CNNVD编号:CNNVD-200703-506
- 危害等级: 中危
- CVE编号: CVE-2007-0239
- 漏洞类型: 输入验证
- 发布时间: 2007-03-21
- 威胁类型: 远程
- 更新时间: 2007-03-22
- 厂 商: openoffice
- 漏洞来源: Debian
漏洞简介
OpenOffice(OOo)是美国阿帕奇(Apache)软件基金会的一款开源的办公软件套件。该套件包含文本文档、电子表格、演示文稿、绘图、数据库等。 OpenOffice没有正确地转义Shell元字符,如果用户受骗打开了恶意文档并点击了其中链接的话,就可能导致注入并执行任意shell命令。
漏洞公告
厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1270-1)以及相应补丁:
DSA-1270-1:New OpenOffice.org packages fix several vulnerabilities
链接: http://www.debian.org/security/2007/dsa-1270
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc
Size/MD5 checksum: 2878 6c4447f2bdd8cde4e10556eacb9aef80
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz
Size/MD5 checksum: 4630152 e9d9ee838f73572836b059f8033bdb35
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz
Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772
Architecture independent components:
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2648700 9dedff380f535381ca48fc23da8c74ae
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2696106 2eebd4484da0e9a4dcbde3b01e309ba7
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2692842 e2f0cce7f7ca75c26a55b2615a0d32a2
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3587952 02a0dcfd7d36cea6433365e4c9acd00f
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2664822 176c3bd0b24dc4a0700d558e7df15ddd
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3584442 b7a8d9b8b21a152537ef71d3dce56d54
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3455220 214fd0769fb967b22521b244a5f8e412
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2742946 04c91de4bb5b2b6d453ede296693889a
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3527040 738553a6850160b374d36b7a83f79370
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3563372 db130e40120c69626e950063eee07a3d
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2646546 5ebb68935e9a3eba761cc2574717339c
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2670434 ed48f9c2f37fed09f741ce4f8a690bc5
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2675206 5f7d1dcd9a1e3ee8c9582da53300e8f4
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3496040 b65004e7d70e0bc6b94ce5fcba33f21c
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2659162 dc858e988c2025cc37b76d1b21d400b8
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2661416 d3ad4533667aa90f52bed28b1525437c
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2697048 b84ec1f9fa2561e4c2f344b6d6052986
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2772632 fcb6b507ff92c95c94a85f471a0fa522
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3557364 ed6dcc2203bb3329ce98c4e626a9ffa7
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3564910 59cbed0cba5644f4f428fa9cb5551c2d
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 2686506 a7aa7937a1818cb63537746e961c2072
http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb
Size/MD5 checksum: 3541338 a411e36d9d06b844628a1bbce51508f1
参考网址
来源: SECTRACK 名称: 1017799 链接:http://www.securitytracker.com/id?1017799 来源: VUPEN 名称: ADV-2007-1032 链接:http://www.frsirt.com/english/advisories/2007/1032 来源: DEBIAN 名称: DSA-1270 链接:http://www.debian.org/security/2007/dsa-1270 来源: issues.rpath.com 链接:https://issues.rpath.com/browse/RPL-1118 来源: issues.foresightlinux.org 链接:https://issues.foresightlinux.org/browse/FL-211 来源: XF 名称: openoffice-shell-command-execution(33113) 链接:http://xforce.iss.net/xforce/xfdb/33113 来源: UBUNTU 名称: USN-444-1 链接:http://www.ubuntu.com/usn/usn-444-1 来源: BID 名称: 22812 链接:http://www.securityfocus.com/bid/22812 来源: REDHAT 名称: RHSA-2007:0069 链接:http://www.redhat.com/support/errata/RHSA-2007-0069.HTML 来源: REDHAT 名称: RHSA-2007:0033 链接:http://www.redhat.com/support/errata/RHSA-2007-0033.HTML 来源: MANDRIVA 名称: MDKSA-2007:073 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:073 来源: GENTOO 名称: GLSA-200704-12 链接:http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml 来源: VUPEN 名称: ADV-2007-1117 链接:http://www.frsirt.com/english/advisories/2007/1117 来源: SUNALERT 名称: 102807 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1 来源: SECUNIA 名称: 24906 链接:http://secunia.com/advisories/24906 来源: SECUNIA 名称: 24810 链接:http://secunia.com/advisories/24810 来源: SECUNIA 名称: 24676 链接:http://secunia.com/advisories/24676 来源: SECUNIA 名称: 24647 链接:http://secunia.com/advisories/24647 来源: SECUNIA 名称: 24646 链接:http://secunia.com/advisories/24646 来源: SECUNIA 名称: 24613 链接:http://secunia.com/advisories/24613 来源: SECUNIA 名称: 24588 链接:http://secunia.com/advisories/24588 来源: SECUNIA 名称: 24550 链接:http://secunia.com/advisories/24550 来源: SECUNIA 名称: 24465 链接:http://secunia.com/advisories/24465 来源: SUSE 名称: SUSE-SA:2007:023 链接:http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.HTML
受影响实体
- Openoffice Openoffice
补丁
暂无
评论