OpenOffice Metacharacter Remote Shell Command Execution Vulnerability

Vulnerability Details

Vulnerability Summary
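OpenOffice (OOo) is an open-source office suite from the Apache Software Foundation (USA). The suite includes text documents, spreadsheets, presentations, drawings, databases, and more.
OpenOffice does not correctly escape shell metacharacters. If a user is tricked into opening a malicious document and clicks a link in it, arbitrary shell commands may be injected and executed.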
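The flaw class described above, as an added example that is not OpenOffice code: a hypothetical link launcher that pastes a link into a shell command line, next to two hardened forms and a triage helper. `HANDLER`, the function names and the sample link are assumptions made for illustration; the injected command is a harmless `echo`.

```python
import shlex
import subprocess

# Hypothetical stand-in for an external link handler; echo just prints its arguments.
HANDLER = "echo"

# Constructed sample link: the text after ';' is a second, harmless command.
SAMPLE_LINK = "http://example.invalid/doc;echo INJECTED"

SHELL_METACHARS = set(";&|`$<>(){}[]!*?~#'\"\\ \t\n")


def _run(cmd, shell):
    out = subprocess.run(cmd, shell=shell, capture_output=True, text=True)
    return out.stdout.splitlines()


def launch_unsafe(link):
    """Vulnerable pattern: the link text becomes part of a shell command line."""
    return _run(HANDLER + " " + link, shell=True)


def launch_argv(link):
    """Hardened: no shell at all; the link is a single argv element."""
    return _run([HANDLER, link], shell=False)


def launch_quoted(link):
    """Fallback when a shell is unavoidable: quote the link as one word."""
    return _run(HANDLER + " " + shlex.quote(link), shell=True)


def metachars_in(link):
    """Triage helper: shell metacharacters present in a link target."""
    return sorted(set(link) & SHELL_METACHARS)


if __name__ == "__main__":
    print("unsafe:", launch_unsafe(SAMPLE_LINK))   # two commands ran
    print("argv:  ", launch_argv(SAMPLE_LINK))     # one literal argument
    print("quoted:", launch_quoted(SAMPLE_LINK))   # one literal argument
    print("flags: ", metachars_in(SAMPLE_LINK))
```
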

Vulnerability Advisory

Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1270-1) and corresponding patches for this issue:

DSA-1270-1: New OpenOffice.org packages fix several vulnerabilities

Link: http://www.debian.org/security/2007/dsa-1270

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.dsc

Size/MD5 checksum: 2878 6c4447f2bdd8cde4e10556eacb9aef80

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3-9sarge6.diff.gz

Size/MD5 checksum: 4630152 e9d9ee838f73572836b059f8033bdb35

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org_1.1.3.orig.tar.gz

Size/MD5 checksum: 166568714 5250574bad9906b38ce032d04b765772

Architecture independent components:

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-af_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2648700 9dedff380f535381ca48fc23da8c74ae

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ar_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2696106 2eebd4484da0e9a4dcbde3b01e309ba7

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ca_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2692842 e2f0cce7f7ca75c26a55b2615a0d32a2

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cs_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3587952 02a0dcfd7d36cea6433365e4c9acd00f

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-cy_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2664822 176c3bd0b24dc4a0700d558e7df15ddd

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-da_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3584442 b7a8d9b8b21a152537ef71d3dce56d54

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-de_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3455220 214fd0769fb967b22521b244a5f8e412

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-el_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2742946 04c91de4bb5b2b6d453ede296693889a

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-en_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3527040 738553a6850160b374d36b7a83f79370

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-es_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3563372 db130e40120c69626e950063eee07a3d

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-et_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2646546 5ebb68935e9a3eba761cc2574717339c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-eu_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2670434 ed48f9c2f37fed09f741ce4f8a690bc5

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fi_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2675206 5f7d1dcd9a1e3ee8c9582da53300e8f4

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-fr_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3496040 b65004e7d70e0bc6b94ce5fcba33f21c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-gl_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2659162 dc858e988c2025cc37b76d1b21d400b8

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-he_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2661416 d3ad4533667aa90f52bed28b1525437c

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hi_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2697048 b84ec1f9fa2561e4c2f344b6d6052986

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-hu_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2772632 fcb6b507ff92c95c94a85f471a0fa522

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-it_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3557364 ed6dcc2203bb3329ce98c4e626a9ffa7

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ja_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3564910 59cbed0cba5644f4f428fa9cb5551c2d

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-kn_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 2686506 a7aa7937a1818cb63537746e961c2072

http://security.debian.org/pool/updates/main/o/openoffice.org/openoffice.org-l10n-ko_1.1.3-9sarge6_all.deb

Size/MD5 checksum: 3541338 a411e36d9d06b844628a1bbce51508f1
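One way to check downloaded packages against the "Size/MD5 checksum" lines listed above (an added example, not part of the advisory). Only the first entry in the sample text is taken from this page; the second entry, the `example.invalid` URL and the file contents are constructed. MD5 catches corrupted or truncated downloads but is not collision-resistant, so the check complements package signature verification.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# A URL line followed (after blank lines) by "Size/MD5 checksum: <bytes> <md5>".
ENTRY = re.compile(
    r"(?P<url>https?://\S+)\s+Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})"
)


def parse_advisory(text):
    """Return {file name: (size, md5)} for every URL/checksum pair in the text."""
    return {m["url"].rsplit("/", 1)[-1]: (int(m["size"]), m["md5"])
            for m in ENTRY.finditer(text)}


def verify(path, expected):
    """Check one download: 'ok', 'missing', 'size mismatch' or 'md5 mismatch'."""
    path = Path(path)
    if not path.is_file():
        return "missing"
    size, md5 = expected
    if path.stat().st_size != size:
        return "size mismatch"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"


def demo():
    """Verify constructed files; only the first entry's values come from the page."""
    payload = b"constructed package bytes\n"
    text = (
        "http://security.debian.org/pool/updates/main/o/openoffice.org/"
        "openoffice.org_1.1.3-9sarge6.dsc\n\n"
        "Size/MD5 checksum: 2878 6c4447f2bdd8cde4e10556eacb9aef80\n\n"
        "http://example.invalid/sample_1.0_all.deb\n\n"  # constructed entry
        f"Size/MD5 checksum: {len(payload)} {hashlib.md5(payload).hexdigest()}\n"
    )
    expected = parse_advisory(text)
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "sample_1.0_all.deb").write_bytes(payload)
        # Right size, wrong content: stands in for a tampered download.
        Path(tmp, "openoffice.org_1.1.3-9sarge6.dsc").write_bytes(b"x" * 2878)
        return {name: verify(Path(tmp, name), exp) for name, exp in expected.items()}


if __name__ == "__main__":
    print(demo())
```
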


References

Source: SECTRACK
Name: 1017799
Link: http://www.securitytracker.com/id?1017799

Source: VUPEN
Name: ADV-2007-1032
Link: http://www.frsirt.com/english/advisories/2007/1032

Source: DEBIAN
Name: DSA-1270
Link: http://www.debian.org/security/2007/dsa-1270

Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-1118

Source: issues.foresightlinux.org
Link: https://issues.foresightlinux.org/browse/FL-211

Source: XF
Name: openoffice-shell-command-execution(33113)
Link: http://xforce.iss.net/xforce/xfdb/33113

Source: UBUNTU
Name: USN-444-1
Link: http://www.ubuntu.com/usn/usn-444-1

Source: BID
Name: 22812
Link: http://www.securityfocus.com/bid/22812

Source: REDHAT
Name: RHSA-2007:0069
Link: http://www.redhat.com/support/errata/RHSA-2007-0069.html

Source: REDHAT
Name: RHSA-2007:0033
Link: http://www.redhat.com/support/errata/RHSA-2007-0033.html

Source: MANDRIVA
Name: MDKSA-2007:073
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:073

Source: GENTOO
Name: GLSA-200704-12
Link: http://www.gentoo.org/security/en/glsa/glsa-200704-12.xml

Source: VUPEN
Name: ADV-2007-1117
Link: http://www.frsirt.com/english/advisories/2007/1117

Source: SUNALERT
Name: 102807
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102807-1

Source: SECUNIA
Name: 24906
Link: http://secunia.com/advisories/24906

Source: SECUNIA
Name: 24810
Link: http://secunia.com/advisories/24810

Source: SECUNIA
Name: 24676
Link: http://secunia.com/advisories/24676

Source: SECUNIA
Name: 24647
Link: http://secunia.com/advisories/24647

Source: SECUNIA
Name: 24646
Link: http://secunia.com/advisories/24646

Source: SECUNIA
Name: 24613
Link: http://secunia.com/advisories/24613

Source: SECUNIA
Name: 24588
Link: http://secunia.com/advisories/24588

Source: SECUNIA
Name: 24550
Link: http://secunia.com/advisories/24550

Source: SECUNIA
Name: 24465
Link: http://secunia.com/advisories/24465

Source: SUSE
Name: SUSE-SA:2007:023
Link: http://lists.suse.com/archive/suse-security-announce/2007-Mar/0007.html
