![]() ![]()
“It is unknown whether any attacks have occurred as a result of this vulnerability but we recommend that Bugzilla installation administrators screen their current user lists for suspicious activity.” Libreoffice openoffice bug allows hackers signed Patch#“Bugzilla administrators are urged to deploy the patch and upgrade their software immediately,” the Check Point researchers said. The Bugzilla Project released versions 4.0.15, 4.2.11, 4.4.6, and 4.5.6 to address this and other flaws that could also enable cross-site scripting, information leakage and social engineering attacks. The vulnerability affects all Bugzilla versions going back to 2.23.3, which was released in 2006. Furthermore, this access allows attackers to exploit design weaknesses, or even irreversibly destroy bug data, slowing down development.” ![]() “Software bug tracking data is typically closely guarded as it exposes software vulnerabilities and known issues. The Bugzilla Project shared a preliminary patch last week with major software projects that use the application, but the flaw has been in the software for a long time and it’s unclear whether anyone discovered and exploited it independently in the past.īy using the admin credentials obtained through this vulnerability, “attackers can then view and edit private and undisclosed bug details,” the Check Point researchers said in a blog post. 1.The vulnerability was discovered by security researchers from Check Point Software Technologies and was reported to the Bugzilla developers on Sept. 05-Feb- 2019: Received e‑mail from Apache that they don’t consider this to be a security issue because the configuration is so uncommon, but are willing to work together to fix this in OpenOffice 4.25-Jan- 2019: E‑mailed Apache to ask about the status of investigation.6) without a fix for this issue or any communications from Apache 18-Dec- 2018: New OpenOffice release ( 4.11-Dec- 2018: Apache said they are aiming for a new release in January, asking us to postpone the disclosure of the RCE until 31-Jan- 2019.06-Dec- 2018: E‑mailed Apache to ask about the status of investigation.18-Sep- 2018: RCE disclosed to Apache Security Team.See Axel’s excellent blog post for many more details of this issue. We have also made available a Snort rule to detect the use of this API call on your network: We can only recommend, if using OpenOffice or LibreOffice in server mode is absolutely necessary, to use a firewall (possibly host-based) to limit which systems can connect to the API, and to run it in a container using a low-priviliged user account. Apache assigns their own CVE numbers (they are a “CNA”, a “CVE Numbering Authority”, themselves), and they are not recognising this as a security issue. Unfortunately, after five months of trying, we have not been able to convince the Apache Security Team that this is, in fact, a security issue. Although examples tend to use port numbers just above 2000, there is no default port number, so scanning for this issue is not trivial.The “office server” mode is rarely used. ![]() Any user account used to launch OpenOffice or LibreOffice in office server mode can be compromised with relative ease. ![]() Libreoffice openoffice bug allows hackers signed code#No authentication is required, only knowledge of the protocol.ĭetails (without Proof-of-Concept code for now) is available in Axel’s blog post. The API contains a call named XSystemShellExecute which will execute an arbitrary command sent to it as a parameter. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |