
Forum Thread: I couldn't update OpenOffice.org from Secunia.

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
OpenOffice.org
And, this specific program:
OpenOffice.org 3.x

This thread has been marked as locked.
Jesant13 I couldn't update OpenOffice.org from Secunia.
Member 23rd Mar, 2012 22:47
Ranking: -3
Posts: 40
User Since: 10th Sep, 2009
System Score: 100%
Location: US
Today I did a manual scan and the Secunia PSI (I have version 2.0.0.4003) let me know that there was a new version of OpenOffice.org. I attempted to update to the latest version through OpenOffice.org, which failed. I then downloaded a file from Secunia. The file name was OOo_3.3.9567.500.exe. The download URL was http://dl.secunia.com/SPS/OOo_3.3.9567.500.exe.

I closed OpenOffice.org before running what I had downloaded, and I saw that there was an increased amount of hard drive activity, but after a while the activity decreased to what I think was around the amount of activity there was before I ran the program. I thought maybe it was done updating, so I did another scan but the Secunia PSI said that there was still a vulnerability. I also tried running the program as an administrator (I am an administrator on my computer and I use an administrator account) but it didn't work.

According to the Secunia PSI, I have version 3.3.9549.500 of OpenOffice.org, and the version that patches the vulnerability is 3.3.0. That doesn't make sense to me, because I think 3.3.0 is a lower version number. The path where OpenOffice.org is detected is C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe.


Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 23rd Mar, 2012 23:40
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 23rd Mar, 2012 23:53
HI ,

Support will not be back here until Monday (CET) , so in the interim :-

If you open your OOo program and look in the Help menu (top left) you will see "About OpenOffice.org" and there you will see that you have version 3.3.0 plus a build number . The metadata the PSI is reading does not have the 0 and adds the build number plus .500 .

Before your post , my version was displayed by the PSI as 3.3.9567.500 (Patched) and after I ran a full scan , it shows like yours as 3.3.9549.500 (insecure) .

In the programme's "About ...." I have build 9567 , but if I mouse over the detected file (in its folder) :-

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe.

I see version 3.3.9556.500 . Now that is the file which actually detects the programme but it may not be the file the PSI uses to detect the installed version (this is quite normal for many programmes) .

Something is wrong somewhere and this is not the first installer/detection problem from recent days .

There is nothing you can do before next Monday , other than to check your version in "About..." ; in the past when there have been rule detection problems this is usually accurate concerning your version .

Hope that is clear enuff , if not ask again .

EDIT:I have just tried to check for updates from the programme's Help menu with no success ; I usually update from here and never use the Secunia PSI installer :-

http://www.openoffice.org/

You may wish to try the installer(s) here , if you have the time to spare .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+2
-0
This user no longer exists RE: I couldn't update OpenOffice.org from Secunia.
Member 24th Mar, 2012 17:40
I have exactly the same problem as described by Jesant13 and refined by Anthony Wells with one minor difference. A scheduled PSI scan ran yesterday and reports the file C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe as v. 3.3.9549.500. Looking up that file in Windows Explorer tells me that Windows reports the file as 3.3.9556.500. Meanwhile, Openoffice.org about reports itself as OOO330m20 (Build:9567).
I re-downloaded the installer and ran it, but it stopped with the message that the current version is already installed.
I am now trying to run a repair installation from the Programs and Features module of Control Panel but I'm getting an error message when the install dialogue asks for the folder containing the openoffice33.msi installer. It's already pointing to the right place but when I browse to it anyway the install routine tells me "the resource is in a network location that is unavailable."
I have to quit for now. I'll try to report back when I have a chance to try again.
Was this reply relevant?
+0
-0
Jesant13 RE: I couldn't update OpenOffice.org from Secunia.
Member 24th Mar, 2012 20:05
Score: -3
Posts: 40
User Since: 10th Sep 2009
System Score: 100%
Location: US
I uninstalled OpenOffice.org yesterday. I did so because I was unable to check for updates in the program. I learned that was because Oracle gave OpenOffice.org to the Apache Software Foundation. I think the program still points to one or more servers which either no longer exist or now refuse requests from OpenOffice.org.

I replaced it with LibreOffice. LibreOffice is a fork of OpenOffice.org. I contacted Secunia by email because the Secunia PSI is detecting the wrong version of LibreOffice and saying that the program is insecure and that a solution is available. I also provided a link to this thread in the email.
Was this reply relevant?
+0
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 24th Mar, 2012 21:10
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello all,

There is also a patch from OpenOffice (The Apache Software Foundation) to solve the vulnerability.

From Secunia Advisory SA48494
link: http://secunia.com/advisories/48494
scrolling down half page there is a link from Original Advisory:
http://www.openoffice.org/security/cves/CVE-2012-0...

Here you find OpenOffice's explanation about the vulnerability and again halfway the page a link to download the patch:
http://www.apache.org/dyn/closer.cgi/incubator/ooo...

This file: 2012-0037-win.zip includes: unordfmi.dll version 3.3.9567.500, which replaces unordfmi.dll version 3.3.9549.500.

Myself, I have first applied the patch from OpenOffice, and after this run the install solution from PSI; Ooo_3.3.9567.500.exe (see the first post).

Currently PSI 2.0.0.3003 reports OpenOffice version 3.3.9567.500 as secure.

Have a nice day,

Websafe.
Was this reply relevant?
+6
-0
This user no longer exists RE: I couldn't update OpenOffice.org from Secunia.
Member 24th Mar, 2012 22:19
Two issues:
1) I can't download from any of these links. All I get is a 403 Forbidden error that includes a rude laugh track.
2) My installation of PSI 2.0.0.3003 reports my OOo installation as 3.3.5949.500 and in-secure, while Windows Explorer reports it as 3.3.2556 and OOo self-reports as OOOm20 (Build:9567) as I reported in my earlier post.
Thanks
Was this reply relevant?
+1
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 00:17
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Last edited on 25th Mar, 2012 00:23
on 24th Mar, 2012 22:19, wrote:
Two issues:
1) I can't download from any of these links. All I get is a 403 Forbidden error that includes a rude laugh track.
2) My installation of PSI 2.0.0.3003 reports my OOo installation as 3.3.5949.500 and in-secure, while Windows Explorer reports it as 3.3.2556 and OOo self-reports as OOOm20 (Build:9567) as I reported in my earlier post.
Thanks

Hello Madmonk,

1) Not sure why you are receiving a 403. Apache tries to find a close mirror.
You might try from: http://www.openoffice.org/security/cves/CVE-2012-0...
and use the blue link: For Windows installs, perhaps Apache will find a correct mirror.
2) My guess is; PSI gets “confused” by the versions of soffice.exe and unordfmi.dll.

Good luck,

Websafe.
Was this reply relevant?
+1
-0
mikebonk RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 00:26
Score: 4
Posts: 1
User Since: 25th Mar 2012
System Score: N/A
Location: US
Before I came here for a solution, I downloaded the latest greatest from OpenOffice.org and reinstalled. It still contained the bad version of unordfmi.dll.

I, too, encountered a number of download mirrors that rejected my request to download, but found:

http://mirror.metrocast.net/apache/incubator/ooo/3...

working (fifth link on the patches page:

http://www.apache.org/dyn/closer.cgi/incubator/ooo...

if you don't trust my link.)

Replaced the existing unordfmi.dll with the one in the zip package and all is well.
Was this reply relevant?
+4
-0
tinybob RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 00:37
Score: 1
Posts: 1
User Since: 25th Jun 2009
System Score: N/A
Location: N/A
I had the same exact problem...hope they solve this issue soon.

The latest version is 3.3.0 on the download site for Open Office.
Was this reply relevant?
+1
-0
MaxLV128 RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 09:02
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
Last edited on 25th Mar, 2012 09:04
Downloaded the zip file from apache, extracted unordfmi.dll v3.3.9567.500 and copied it to the OO program directory as per the pdf instructions.

PSI still says OO is insecure!!! (even after a reboot) It claims:

The version detected of Open Office.org 3.x was 3.3.9556.500 while the latest version including one or more security fixes is 3.3.0.

Open Office Help/About says it's 3.3.0 m20 (Build 9567)

The properties of unordfmi.dll in the OO Program directory show it as v3.3.9567.500

PSI is obviously NOT detecting the update.
Was this reply relevant?
+0
-0
douglas_s RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 18:01
Score: 0
Posts: 3
User Since: 14th May 2011
System Score: N/A
Location: US
I removed Secunia psi 2 and loaded secunia psi 3 in an attempt to see if this would stop Secunia from telling me that VLC media player 1.1.11 was detected as insecure when it had previously been removed and replaced with VLC 2.0.1 i.e. 1.1.11 was nowhere on my Windows 7 64 bit machine. After the initial scan of psi 3 up pops the same Open Office problem that is being discussed in this thread i.e. I have 3.3.9567 but psi is "detecting" 3.3.9549. I understand this is freeware and I do appreciate this fact however the lack of accuracy seems to be compounding.
Was this reply relevant?
+0
-0
This user no longer exists RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 18:30
Thanks for the suggestions, Websafe. I had already tried using the link from www.openoffice.org . It just brings me to the same Apache download links, where I am still forbidden access whether I use the default mirror or select another.

Regarding the different version information, I notice that all the .exe-s for open office (soffice.exe, swriter.exe, etc.) all show as 3.3.9556 in Windows Explorer. The .dll-s are a different story, they are a mix of versions from 3.12 to 3.3.9567. I assume that when installing a new version only the revised files are replaced. I'm not sure how this affects Secunia detection.

I uninstalled OOo and re-installed using a newly downloaded installer for the current version, but everything remains as I have described it.

Thanks
Was this reply relevant?
+0
-0
This user no longer exists RE: I couldn't update OpenOffice.org from Secunia.
Member 25th Mar, 2012 19:26
mikebonk, Thank you! Worked like a charm. Secunia is now satisfied.
Was this reply relevant?
+0
-0
Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 25th Mar, 2012 20:59
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again ,

Been busy over the weekend , so to update :-

1)Thanks to Websafe for putting us in the right place .

2)I received an email from OOo the other day saying to reregister with the Apache site , I have not (yet) done so and missed their update on this problem ; I would recommend subscribing if you stay with OOo :-

ooo-announce-subscribe@incubator.apache.org

3)As I said above , the PSI probably uses the soffice.exe file to detect the software on your system and was/is using another file to detect your version (this is quite common practice) . It is likely that the vulnerability caused them to use the unordfmi.dll file to detect the version and thus obtain the 9549 insecure version display in the PSI . In this case , the programme's "About .... " is accurate as 9567 , but only in the sense that it contains the vulnerable .dll file and the PSI's display of your programme as "insecure" takes precedence .

4)Apache (from Websafe's link above) gave me a pretty French mirror and immediately downloaded the CVE 2012-0037-win.zip file . I unpacked it , read the advice and in my case (on my XP SP3 system) copied and pasted the "unordfmi.dll" (version 9567)** file into the relevant directory and allowed it to replace the old (9549) version . A full system PSI scan (no reboot needed) gave me back my "Patched" and up to date OOo version 9567 display . **So atm this is probably the file being used by Secunia to detect your version .

5)Within all this and the seeming lack of cooperation/organisation between Oracle and Apache , it is quite possible that the 9567 .exe installer offered by Secunia is incorrect/will not work . Secunia do not usually monitor workarounds as one might describe the Apache patch but it seems to work in this case . Hopefully they will sort out their installer problems when they are back on the PSI tomorrow .

6)the Apache site suggests that version 3.4 will soon be forthcoming .

Hope that is clear enuff and that my first post did not cause too much confusion or overconfidence in the software's "About" .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+6
-0
MaxLV128 RE: I couldn't update OpenOffice.org from Secunia.
Member 26th Mar, 2012 01:31
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
Last edited on 26th Mar, 2012 01:39
I still have PSI saying OO is insecure, after doing EXACTLY what you have done!

It just does NOT recognise that the patch (updated DLL) has been installed.

Tell me, do you have OO installed in the default install location? (C:/Program files)

Why would PSI be using Soffice.exe to check if unordfmi.dll has been updated or not, when the security advisory is about unordfmi.dll and the patch provides a patched/updated unordfmi.dll. That just doesn't make any sense!

No, PSI is broken as far as this update to OO is concerned.

Was this reply relevant?
+0
-0
Haydn RE: I couldn't update OpenOffice.org from Secunia.
Member 26th Mar, 2012 04:25
Score: 0
Posts: 1
User Since: 24th Jun 2011
System Score: N/A
Location: N/A
I used your fix. It worked!
Thank you
Was this reply relevant?
+0
-0
J.Vemmer RE: I couldn't update OpenOffice.org from Secunia.
Secunia Official 26th Mar, 2012 09:33
Score: 5
Posts: 20
User Since: 5th Oct 2011
System Score: N/A
Location: Copenhagen, DK
Hi,

We are currently employing SPS packages to apply security patches that several vendors seem unwilling to deploy in a regular update package or .exe format. OpenOffice 3.3 is one such example.

The latest stable version of OpenOffice is (at the time of posting) 3.3 - However, this version suffers from a vulnerability connected to one of the .dll files used in that version. The vendor decided that releasing a fixed .dll file and having users replace it manually, is acceptable.
We instead decided to wrap up the fixed .dll file in an SPS package, which allows us to replace the vulnerable file with the secure file. A full rescan after running the install package after downloading and running the solution from our server (http://dl.secunia.com/SPS/OOo_3.3.9567.500.exe) should provide you with a correct scan result.

To clear up the remaining confusion about why 3.3.9549.500 is insecure, and why 3.3 will fix that:
3.3 is the major version of OpenOffice, while 9549.500 is the minor version of the vulnerable .dll file.
Applying the patch from our server, or performing the swap manually (see the original advisory - http://www.openoffice.org/security/cves/CVE-2012-0... - for details) will both update the .dll file to 9567.500, and will both require a full rescan to be detected correctly. This means that if your PSI scan results show your installation as 3.3.9549.500, you have not yet applied the fixed .dll file to your installation.

Finally, the reason many users are in doubt as to whether or not they are patched, after downloading the OOo_3.3.9567.500.exe package through the PSI, is that nothing visibly happens. The reason is that (as mentioned earlier) this is not an actual installer, but a file swap.
We debated the topic of whether or not we should create some sort of visual effect that a user has been successfully patched, but ultimately agreed to go with the completely silent approach.

Please feel free to contact us with further questions, or if you are experiencing issues.

--
Kind regards,

Jais Vemmer
xSI Signatures Specialist
MaxLV128 RE: I couldn't update OpenOffice.org from Secunia.
Member 26th Mar, 2012 13:10
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
Last edited on 26th Mar, 2012 13:29
on 26th Mar, 2012 09:33, J.Vemmer wrote:
Hi,

We are currently employing SPS packages to apply security patches that several vendors seem unwilling to deploy in a regular update package or .exe format. OpenOffice 3.3 is one such example.

The latest stable version of OpenOffice is (at the time of posting) 3.3 - However, this version suffers from a vulnerability connected to one of the .dll files used in that version. The vendor decided that releasing a fixed .dll file and having users replace it manually, is acceptable.
We instead decided to wrap up the fixed .dll file in an SPS package, which allows us to replace the vulnerable file with the secure file. A full rescan after running the install package after downloading and running the solution from our server (http://dl.secunia.com/SPS/OOo_3.3.9567.500.exe) should provide you with a correct scan result.

To clear up the remaining confusion about why 3.3.9549.500 is insecure, and why 3.3 will fix that:
3.3 is the major version of OpenOffice, while 9549.500 is the minor version of the vulnerable .dll file.
Applying the patch from our server, or performing the swap manually (see the original advisory - http://www.openoffice.org/security/cves/CVE-2012-0... - for details) will both update the .dll file to 9567.500, and will both require a full rescan to be detected correctly. This means that if your PSI scan results show your installation as 3.3.9549.500, you have not yet applied the fixed .dll file to your installation.

Finally, the reason many users are in doubt as to whether or not they are patched, after downloading the OOo_3.3.9567.500.exe package through the PSI, is that nothing visibly happens. The reason is that (as mentioned earlier) this is not an actual installer, but a file swap.
We debated the topic of whether or not we should create some sort of visual effect that a user has been successfully patched, but ultimately agreed to go with the completely silent approach.

Please feel free to contact us with further questions, or if you are experiencing issues.


This 'patch' is NOT working!

I HAVE applied the updated dll in the OO program folder as per the manual patch instructions.
and by your exe download OO Verifies that it is 3.3.0m (Build 9567)

unordfmi.dll is 3.3.9567.500

PSI simply CANNOT see that OO has been patched either by your OOo_3.3.9567.500.exe package, or when using the manual patch method as described in the pdf instructions.

Where does PSI look for this patch? Is it ONLY in the default install location (C:Programs) or where OO is actually installed (D:OpenOffice in my case)

I deleted unordfmi.dll from the OO program directory; ran a full scan with PSI, it still says OO is insecure with the following:
----
This program was detected as Insecure, it is strongly recommended that you apply the latest security patch from the vendor of the program.

The version detected of OpenOffice.org 3.x was 3.3.9556.500 while the latest version including one or more security fixes is 3.3.0.
---

I then ran your patch OOo_3.3.9567.500.exe. Guess what. It DID NOT install unordfmi.dll in the OO program directory.

I did a complete search of ALL drives on the computer for unordfmi.dll and the ONLY place it is found is in the download directory where I downloaded the Apache zip file and your exe patch.

Where EXACTLY is OOo_3.3.9567.500.exe putting unordfmi.dll?

This patch and PSI is currently broken as far as OO is concerned....

Was this reply relevant?
+0
-0
J.Vemmer RE: I couldn't update OpenOffice.org from Secunia.
Secunia Official 26th Mar, 2012 15:33
Score: 5
Posts: 20
User Since: 5th Oct 2011
System Score: N/A
Location: Copenhagen, DK
Last edited on 26th Mar, 2012 15:35
The OOo_3.3.9567.500.exe replaces the old unordfmi.dll with the new one. Meaning it's put exactly where the old one was. This also means, if there is no old file present (like if you deleted it), it will not be replaced. Have you tried putting the new file (the one you downloaded from the Apache site) into the folder, as per the instructions that came with it?

There's several things that may or may not be the cause of the error that you're experiencing:

1) Is there an OpenOffice 3.3 installation present on other drives than D:\? Backup drive perhaps? If in doubt, please locate OpenOffice 3.3 in your scan-results, click the small "+" icon to the left and see where the detected instance is found.

2) Is your PSI scanning drive D:\ at all? If in doubt, please click "Settings" under "Configuration", navigate to the "Drives" tab and ensure there is a checkmark at D:

3) It would help a lot if you posted the troubleshoot report for us to see, as it may contain information we can use in order to help you. If in doubt, please locate OpenOffice 3.3 in your scan-results, double-click it, and click "Troubleshoot Report" in the Toolbox at the upper right corner of the screen.

4) Have you run a full rescan after applying either patches? This is required if the change is to be picked up.

If you do not wish to post any of this information in public, you are very welcome to contact us by e-mail.

--
Kind regards,

Jais Vemmer
xSI Signatures Specialist
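
Added example, not part of the original thread and not Secunia's or OpenOffice.org's code: a PowerShell check of what the two Secunia replies above describe, reading the file versions of soffice.exe and unordfmi.dll for every installation found under the given roots, including the case where the DLL is absent. The function names and the search roots are assumptions; the version numbers are the ones quoted in the thread. Requires PowerShell 3.0 or later.

```powershell
# Added example: function names and search roots are hypothetical.

function Get-NumericFileVersion {
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    # Use the numeric fields of the version resource; the FileVersion string
    # is free text and does not always parse as a version.
    $parts = @($info.FileMajorPart, $info.FileMinorPart,
               $info.FileBuildPart, $info.FilePrivatePart)
    New-Object System.Version -ArgumentList $parts
}

function Get-OOoPatchState {
    param(
        # Directory that holds soffice.exe, as shown under "Instances Found".
        [Parameter(Mandatory = $true)][string]$ProgramDir,
        # Fixed DLL version quoted in the thread (3.3.9549.500 is the vulnerable one).
        [version]$FixedDllVersion = '3.3.9567.500'
    )

    $exe = Get-NumericFileVersion -Path (Join-Path $ProgramDir 'soffice.exe')
    $dll = Get-NumericFileVersion -Path (Join-Path $ProgramDir 'unordfmi.dll')

    if ($null -eq $dll) {
        # A swap-only patch replaces an existing file; with no file there is nothing to swap.
        $state = 'unordfmi.dll missing'
    } elseif ($dll -ge $FixedDllVersion) {
        $state = 'fixed DLL present'
    } else {
        $state = 'vulnerable DLL present'
    }

    [pscustomobject]@{
        ProgramDir  = $ProgramDir
        SofficeExe  = $exe
        UnordfmiDll = $dll
        State       = $state
    }
}

function Find-OOoInstallation {
    param([Parameter(Mandatory = $true)][string[]]$Root)

    # Every soffice.exe under the roots is treated as one installation, so copies on
    # backup drives show up too. Other suites that ship a soffice.exe
    # (LibreOffice, for example) will also be listed.
    Get-ChildItem -Path $Root -Filter 'soffice.exe' -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-OOoPatchState -ProgramDir $_.DirectoryName }
}

# Roots chosen to cover the install locations mentioned in the thread; replace with your own.
Find-OOoInstallation -Root 'C:\Program Files (x86)', 'D:\' | Format-Table -AutoSize
```

The SofficeExe and UnordfmiDll columns can legitimately differ, which is the mismatch several posters saw between Windows Explorer, the program's "About" box and the scan result.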
Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 26th Mar, 2012 15:59
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

HI ,

If I might add , in my (recent) experience a detection problem on a specific system can be caused by a "bug/corruption" of the specific PSI . A reinstall of the PSI should also be considered as a possible solution to what seems to be a (slightly) different problem to that posted by the OP .

Hope that helps .

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
PAhlers RE: I couldn't update OpenOffice.org from Secunia.
Member 26th Mar, 2012 20:55
Score: 0
Posts: 2
User Since: 21st Dec 2007
System Score: N/A
Location: N/A
Having identical problem. Should be an easy fix for Secunia. Thought that they would fix this by now.
Was this reply relevant?
+0
-0
Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 26th Mar, 2012 21:17
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello @PAhlers ,

You are tagging on to a post that the OP could close at anytime ; in the interim , exactly which problem in this thread are you identical to ??

The main problem of updating the 3.3 software is resolved and one poster appears to have a slightly different detection problem .

If you require help , please post your Troubleshoot Report as suggested by the Secunia Official in the post above :-

QUOTE: ""3) It would help a lot if you posted the troubleshoot report for us to see, as it may contain information we can use in order to help you. If in doubt, please locate OpenOffice 3.3 in your scan-results, double-click it, and click "Troubleshoot Report" in the Toolbox at the upper right corner of the screen .""

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
PAhlers RE: I couldn't update OpenOffice.org from Secunia.
Member 26th Mar, 2012 22:48
Score: 0
Posts: 2
User Since: 21st Dec 2007
System Score: N/A
Location: N/A
Manual installation of "new" dll now scans as Secure.
Was this reply relevant?
+0
-0
MaxLV128 RE: I couldn't update OpenOffice.org from Secunia.
Member 27th Mar, 2012 07:02
Score: -2
Posts: 17
User Since: 22nd May 2009
System Score: N/A
Location: NZ
Last edited on 27th Mar, 2012 09:09
on 26th Mar, 2012 15:33, J.Vemmer wrote:
The OOo_3.3.9567.500.exe replaces the old unordfmi.dll with the new one. Meaning it's put exactly where the old one was. This also means, if there is no old file present (like if you deleted it), it will not be replaced. Have you tried putting the new file (the one you downloaded from the Apache site) into the folder, as per the instructions that came with it?

There's several things that may or may not be the cause of the error that you're experiencing:

1) Is there an OpenOffice 3.3 installation present on other drives than D:\? Backup drive perhaps? If in doubt, please locate OpenOffice 3.3 in your scan-results, click the small "+" icon to the left and see where the detected instance is found.

2) Is your PSI scanning drive D:\ at all? If in doubt, please click "Settings" under "Configuration", navigate to the "Drives" tab and ensure there is a checkmark at D:

3) It would help a lot if you posted the troubleshoot report for us to see, as it may contain information we can use in order to help you. If in doubt, please locate OpenOffice 3.3 in your scan-results, double-click it, and click "Troubleshoot Report" in the Toolbox at the upper right corner of the screen.

4) Have you run a full rescan after applying either patches? This is required if the change is to be picked up.

If you do not wish to post any of this information in public, you are very welcome to contact us by e-mail.



As requested:

---START---

Program Name:
OpenOffice.org 3.x

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/OOo_3.3.9567.500.exe

Instances Found:
D:\Open Office\program\soffice.exe, version: 3.3.9556.500

Last System Scan (localtime):
27. Mar 2012, 17:44

Operating System:
Microsoft Windows 7, Microsoft Windows 7

---END---

There is no other OO install on this computer or any other computer on the network; It's only installed on D:\Open Office.

I have tried the manual install option, (as per my previous reply) and have just run another full scan ie: (Searching files on local fixed drives ( C:, D:, E:, F:, G:, H: ))

I have also run full scans after running the exe patch with the old dll, it does update it to the patched one, but PSI DOES NOT see that the dll has been updated at all.

I'll try a reinstall of PSI....

Update:
Uninstalled PSI completely, reinstalled. Still says patched OO is insecure!

Did a repair install of OO, reverts back to the old insecure DLL. Ran the OOo_3.3.9567.500.exe patch, it updated the DLL as it should. Ran a full scan with PSI, still says OO is INSECURE!

Uninstalled OO Completely, downloaded install from http://www.openoffice.org/ ran the install. OO reinstalled, with unordfmi.dll 3.3.9567.500 being installed.

Ran full PSI scan, still says OO is INSECURE!!!

Ran a full PSI scan on my back up server, PSI says the mirror image backup of OO is insecure!!

Created an ignore rule in PSI for OO until Secunia finally admit that PSI has a problem detecting the OO update (and fix it...)

Maybe this is a repeat of the Adobe reader problem they had in 2010 where they had an invalid 'include' in the PSI scan rules and it couldn't detect that Adobe Reader had been updated when it had. The symptoms are very similar...

Just reviewed the previous thread at:
Forum Thread: Solution to Adobe Reader

And the symptoms aren't just similar, they're EXACTLY the same. PSI will NOT recognise an update has been done unless the supposedly insecure program is installed in the default C:\programs directory...

Seems like there's another hard coded 'includes' rule in the PSI search rules.


API Token output Scan results.
(not sure if it will be much help)

<program><productName>OpenOffice.org 3.x</productName><version>3.3.9556.500</version><stateNumber>1</stateNumber><lastScanOfProgram>1332831575</lastScanOfProgram><secuniaAdvisoryID>48494</secuniaAdvisoryID>
<secuniaAdvisoryCriticality>2</secuniaAdvisoryCriticality><secuniaProductID>20130</secuniaProductID><vendorProductPage>dc12163f13a670819e18e99fa0a160fe</vendorProductPage><is64bit>0</is64bit><paths><path>D:\Open Office\program\soffice.exe</path>

Can also provide the PSIA log if that will help.
Was this reply relevant?
+3
-0
J.Vemmer RE: I couldn't update OpenOffice.org from Secunia.
Secunia Official 27th Mar, 2012 09:44
Score: 5
Posts: 20
User Since: 5th Oct 2011
System Score: N/A
Location: Copenhagen, DK
Thank you for posting the troubleshoot report, it helped immensely.

I have now pinpointed the issue, and it should be fixed if you run a full rescan.

Please feel free to contact us again if you require further assistance.

--
Kind regards,

Jais Vemmer
xSI Signatures Specialist
Nikilet RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 00:58
Score: 7
Posts: 291
User Since: 15th Jul 2008
System Score: N/A
Location: N/A
Last edited on 29th Mar, 2012 01:00
I have been reading the posts in this topic because I can't seem to get PSI to scan and recognize an updated OpenOffice. Yesterday I uninstalled and reinstalled and then restarted and did a full scan and still it won't recognize.

Someone mentioned everything was ok after doing some kind of manual install but I can't find in any of the posts where to get this manual install.

I had to post and go back and find this: PAhlers said "manual install of dll now scans as secure."
Was this reply relevant?
+0
-0
dhenkel RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 11:32
Score: 0
Posts: 2
User Since: 29th Mar 2012
System Score: N/A
Location: DE
Last edited on 29th Mar, 2012 11:33
I have a problem (probably the same) with this patch, too. I installed the patch on two computers, one with WinXP, one Win7, both localized German, all installation paths (Windows and OOo) are default on C: drives.

After patching, the version info of OOo itself tells (as expected) "OOO330m20 (Build:9567)". But even after a full rescan Secunia PSI reports version 3.3.9549.500.

The troubleshoot report on the WinXP system is:
---START---

Program Name:
OpenOffice.org 3.x

Security State:
Insecure

Download Link:
http://dl.secunia.com/SPS/OOo_3.3.9567.500.exe

Instances Found:
C:\Programme\OpenOffice.org 3\program\soffice.exe, version: 3.3.9549.500

Last System Scan (localtime):
29. Mar 2012, 10:10

Operating System:
Microsoft Windows XP Professional,

---END---

Now it seems to me that (in the best case) Secunia PSI doesn't recognize the Secunia-provided patch and insists on a false alarm. If so, my problem is just: how can I get rid of this false alarm without disabling PSI checks on my OOo installations at all?

Best regards,
Dirk Henkel
Was this reply relevant?
+0
-0
mdonkers RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 14:27
Score: 1
Posts: 3
User Since: 22nd Feb 2011
System Score: N/A
Location: N/A
Under Windows 7 64-bit the patch that is downloaded via PSI's 'Install Solution' does nothing. Have even attempted to start it from an Administrator prompt command line and it simply returns.

PSI keeps complaining about OpenOffice, even after I uninstalled it and reinstalled the latest downloaded version from openoffice.org.
Was this reply relevant?
+0
-0
mdonkers RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 16:15
Score: 1
Posts: 3
User Since: 22nd Feb 2011
System Score: N/A
Location: N/A
This approach works! (Replacing the DLL file.)
Was this reply relevant?
+0
-0
mdonkers RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 16:16
Score: 1
Posts: 3
User Since: 22nd Feb 2011
System Score: N/A
Location: N/A
on 24th Mar, 2012 21:10, Websafe wrote:
Hello all,

There is also a patch from OpenOffice (The Apache Software Foundation) to solve the vulnerability.

From Secunia Advisory SA48494
link: http://secunia.com/advisories/48494
scrolling down half page there is a link from Original Advisory:
http://www.openoffice.org/security/cves/CVE-2012-0...

Here you find OpenOffice's explanation about the vulnerability and again halfway the page a link to download the patch:
http://www.apache.org/dyn/closer.cgi/incubator/ooo...

This file: 2012-0037-win.zip includes: unordfmi.dll version 3.3.9567.500, which replaces unordfmi.dll version 3.3.9549.500.

Myself, I have first applied the patch from OpenOffice, and after this run the install solution from PSI; Ooo_3.3.9567.500.exe (see the first post).

Currently PSI 2.0.0.3003 reports OpenOffice version 3.3.9567.500 as secure.

Have a nice day,

Websafe.

This approach works!
Was this reply relevant?
+1
-0
dhenkel RE: I couldn't update OpenOffice.org from Secunia.
Member 29th Mar, 2012 18:23
Score: 0
Posts: 2
User Since: 29th Mar 2012
System Score: N/A
Location: DE
Last edited on 29th Mar, 2012 18:30
@ Websafe and mdonkers: That's it, thanks a lot!

After my attempts with the *.exe from Secunia, I copied the updated OOo DLL from the apache
(https://www.apache.org/dyn/closer.cgi/incubator/oo...)
into my OOo program folder. I didn't have to do anything else after that, just "rescan program" in PSI, and now it recognizes the new version.

Best regards,
Dirk Henkel
Was this reply relevant?
+0
-0
Nikilet RE: I couldn't update OpenOffice.org from Secunia.
Member 30th Mar, 2012 03:07
Score: 7
Posts: 291
User Since: 15th Jul 2008
System Score: N/A
Location: N/A
I downloaded the apache zip folder with the new dll in it. Now, do I remove that old dll (unordfmi.dll version 3.3.9549.500) from C:\Program Files\OpenOffice.org 3\program\soffice.exe, and simply drop this new one (unordfmi.dll version 3.3.9567.500) into that program folder -- then rescan and everything will work?
Was this reply relevant?
+0
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 30th Mar, 2012 10:25
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
on 30th Mar, 2012 03:07, Nikilet wrote:
I downloaded the apache zip folder with the new dll in it. Now, do I remove that old dll (unordfmi.dll version 3.3.9549.500) from C:\Program Files\OpenOffice.org 3\program\soffice.exe, and simply drop this new one (unordfmi.dll version 3.3.9567.500) into that program folder -- then rescan and everything will work?

Hello Nikilet,

To manually patch OpenOffice 3.3.0 you can simply copy the new unordfmi.dll version 3.3.9567.500 into the C:\Program Files\OpenOffice.org 3\program folder and let Windows overwrite the old unordfmi.dll version 3.3.9549.500.

Websafe.
Was this reply relevant?
+0
-0
Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 30th Mar, 2012 15:57
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Nikilet ,

When you have time , please let Websafe and me know how you are coming along :))

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
Nikilet RE: I couldn't update OpenOffice.org from Secunia.
Member 30th Mar, 2012 19:00
Score: 7
Posts: 291
User Since: 15th Jul 2008
System Score: N/A
Location: N/A
Last edited on 30th Mar, 2012 21:33
I don't know what I did wrong, but this did not work for me.

I opened the zip file I downloaded from apache (CVE-2012-0037-win) and it had 4 items in it as follows:
LICENSE File
NOTICE File
README.pdf
unordfmi.dll Application Extension

I went to C:\Program Files\OpenOffice.org 3\program. I selected the unordfmi.dll from the above and drug it to said "program" folder. Windows asked me what I wanted to do and I selected "Copy and replace" and then I did a scan with PSI. Got the same results as before.

***It has now been quite a while since I posted the above. I just had to restart for something else and now PSI shows OpenOffice as up to date. Why didn't it change after I did a complete re-scan? Is it necessary to restart before these things take effect?
Was this reply relevant?
+0
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 30th Mar, 2012 22:09
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello Nikilet,

Was already thinking about your post when I saw your patch problem has been solved!

Not sure why you had to reboot. Other people (including me) mentioned just a PSI scan was needed.
Perhaps OpenOffice or its quick-start tray-icon were not closed?

Anyway good to read PSI is happy again.

Have a nice day,

Websafe.
Was this reply relevant?
+0
-0
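The manual patch described in the posts above can be checked directly on disk instead of waiting for a rescan. This PowerShell script is an added example, not something posted in the thread: the default folder and the version number are the ones quoted by the posters, and `-PatchDll` is a hypothetical parameter pointing at the unordfmi.dll extracted from the downloaded zip.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+ for Get-FileHash.
param(
    [string]$ProgramDir = 'C:\Program Files\OpenOffice.org 3\program',
    [string]$PatchDll                  # optional: extracted unordfmi.dll to compare against
)

$patched = [version]'3.3.9567.500'     # patched unordfmi.dll version named in the thread

function Get-FileVer([string]$Path) {
    # Build the version from the numeric fields of the file's version resource.
    $vi = (Get-Item -LiteralPath $Path -ErrorAction Stop).VersionInfo
    New-Object System.Version -ArgumentList @(
        $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
}

# 1. Report the versions of the patched library and of the executable PSI lists.
foreach ($name in 'unordfmi.dll', 'soffice.exe') {
    $path = Join-Path $ProgramDir $name
    if (Test-Path -LiteralPath $path) {
        '{0,-14} {1}' -f $name, (Get-FileVer $path)
    } else {
        Write-Warning "$path not found; check -ProgramDir"
    }
}

$dll = Join-Path $ProgramDir 'unordfmi.dll'
if ((Test-Path -LiteralPath $dll) -and (Get-FileVer $dll) -lt $patched) {
    Write-Warning "unordfmi.dll is older than $patched; the replacement did not take effect"
}

# 2. If the extracted patch DLL is supplied, confirm the installed copy is identical.
if ($PatchDll -and (Test-Path -LiteralPath $dll)) {
    $installed = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
    $extracted = (Get-FileHash -LiteralPath $PatchDll -Algorithm SHA256).Hash
    if ($installed -eq $extracted) { 'Installed DLL matches the extracted patch file.' }
    else { Write-Warning 'Installed DLL differs from the extracted patch file.' }
}

# 3. List processes still running from the program folder, such as the
#    quick-start tray icon, so they can be closed before copying and rescanning.
Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($ProgramDir, [System.StringComparison]::OrdinalIgnoreCase) } |
    Select-Object Id, ProcessName, Path
```

On a localized or 64-bit system, pass the folder PSI reports under "Instances Found" (for example `C:\Programme\OpenOffice.org 3\program`) as `-ProgramDir`.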
Anthony Wells RE: I couldn't update OpenOffice.org from Secunia.
Expert Contributor 30th Mar, 2012 23:14
Score: 2445
Posts: 3,334
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

That's good news , Nikilet . Like Websafe I have no idea why a reboot was needed , Secunia support said just a full scan would do the trick .

Perhaps the "new" .dll file didn't like being "drugged" and was expecting to be right clicked and copied to the program folder . The "bugs" of IT are sent to try us .

Thanks to Websafe , you are sorted .

Take care

Anthony

--


It always seems impossible until it's done.
Nelson Mandela
Was this reply relevant?
+0
-0
davidb009 RE: I couldn't update OpenOffice.org from Secunia.
Member 31st Mar, 2012 14:19
Score: 6
Posts: 11
User Since: 11th Feb 2010
System Score: N/A
Location: UK
I could not update from Open Office! Much the same results and end-state as the quoted reporter. This persistent failure to fix puts Open Office in a very poor light.

David B

--
davidb009
Was this reply relevant?
+0
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 31st Mar, 2012 17:21
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Hello davidb009,

Does PSI detect your OpenOffice as secure or vulnerable?

In case PSI reports OpenOffice as insecure you can download a patch from:
http://www.apache.org/dyn/closer.cgi/incubator/ooo...
An instruction comes as a PDF file.

Websafe.
Was this reply relevant?
+0
-0
donmac71 RE: I couldn't update OpenOffice.org from Secunia.
Member 6th Apr, 2012 21:20
Score: 0
Posts: 7
User Since: 8th Aug 2008
System Score: 100%
Location: CA
I downloaded the patch OOo_3.3.9567.500 that was given by Secunia Official and I cannot run it.
I press Run and get no response.

--
donmac71
Was this reply relevant?
+0
-0
Websafe RE: I couldn't update OpenOffice.org from Secunia.
Member 6th Apr, 2012 22:43
Score: 79
Posts: 105
User Since: 24th May 2009
System Score: 100%
Location: NL
Last edited on 6th Apr, 2012 22:53
on 6th Apr, 2012 21:20, donmac71 wrote:
I downloaded the patch OOo_3.3.9567.500 that was given by Secunia Official and I cannot run it.
I press Run and get no response.

Hello Donmac71,

On 26th March a Secunia Official (J. Vemmer) wrote in this (long) thread:
….. We debated the topic of whether or not we should create some sort of visual effect that a user has been successfully patched, but ultimately agreed to go with the completely silent approach. …...

Have you done a full PSI scan to see if Secunia's patch did work?

If Secunia's patch didn't work you might download a patch from OpenOffice, link:
http://www.openoffice.org/security/cves/CVE-2012-0...
and use the download link: For windows installs.
Instructions come with a PDF file.

Good luck,

Websafe.

Edit: link corrected.
Was this reply relevant?
+0
-0
donmac71 RE: I couldn't update OpenOffice.org from Secunia.
Member 7th Apr, 2012 21:00
Score: 0
Posts: 7
User Since: 8th Aug 2008
System Score: 100%
Location: CA
Thanks, I finally got a 100% scan on Secunia using the CVE link that you suggested.
I have been playing with this thing for 2 weeks.
You Guys are the best! Don Mac

--
donmac71
Was this reply relevant?
+0
-0

This thread has been marked as locked.


© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144