ID de Prueba:	1.3.6.1.4.1.25623.1.0.61129
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2008:0538
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2008:0538. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Sean Larsson found a heap overflow flaw in the OpenOffice memory allocator. If a carefully crafted file was opened by a victim, an attacker could use the flaw to crash OpenOffice.org or, possibly, execute arbitrary code. (CVE-2008-2152) It was discovered that certain libraries in the Red Hat Enterprise Linux 3 and 4 openoffice.org packages had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local user able to convince another user to run OpenOffice in an attacker-controlled directory, could run arbitrary code with the privileges of the victim. (CVE-2008-2366) All users of openoffice.org are advised to upgrade to these updated packages, which contain backported fixes which correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2008-0538.html http://www.redhat.com/security/updates/classification/#important Risk factor : Critical CVSS Score: 9.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2152 BugTraq ID: 29622 http://www.securityfocus.com/bid/29622 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00385.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00473.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00499.html http://security.gentoo.org/glsa/glsa-200807-05.xml http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714 http://www.mandriva.com/security/advisories?name=MDVSA-2008:137 http://www.mandriva.com/security/advisories?name=MDVSA-2008:138 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9787 http://www.redhat.com/support/errata/RHSA-2008-0537.html http://www.redhat.com/support/errata/RHSA-2008-0538.html http://www.securitytracker.com/id?1020219 http://secunia.com/advisories/30599 http://secunia.com/advisories/30633 http://secunia.com/advisories/30634 http://secunia.com/advisories/30635 http://secunia.com/advisories/31029 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237944-1 http://www.vupen.com/english/advisories/2008/1773 http://www.vupen.com/english/advisories/2008/1804/references XForce ISS Database: openoffice-rtlallocatememory-bo(42957) https://exchange.xforce.ibmcloud.com/vulnerabilities/42957 Common Vulnerability Exposure (CVE) ID: CVE-2008-2366 1020278 http://securitytracker.com/id?1020278 29695 http://www.securityfocus.com/bid/29695 30633 RHSA-2008:0538 https://bugzilla.redhat.com/show_bug.cgi?id=450532 oval:org.mitre.oval:def:11361 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11361 redhat-ooo-buildscript-code-execution(43322) https://exchange.xforce.ibmcloud.com/vulnerabilities/43322
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.