navigation bar left navigation bar right

Secunia CSI7
navigation left tab Advisories navigation right tab
navigation left tab Research navigation right tab
navigation left tab Forums navigation right tab
navigation left tab Create Profile navigation right tab
navigation left tab Our Commitment navigation right tab
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Open Office

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
Sun Microsystems
And, this specific program:
Sun ONE Starter Kit

This thread has been marked as locked.
Marum Open Office
Member 14th Sep, 2009 17:13
Ranking: 0
Posts: 3
User Since: 20th Nov, 2008
System Score: 100%
Location: NL
I am working with Windows XP , Dutch version. (On 3 computers)
Secunia tells me that the version of Open Office (Dutch) on my computers is 3.1.9398.500,
and this program is insecure.
In reality i am running version 3.1.0 and no newer update is available.
What is wrong here?
Thanks in advance for your replay.
Jan

Anthony Wells RE: Open Office
Expert Contributor 14th Sep, 2009 22:39
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 14th Sep, 2009 22:51

Hello Jan,

I received this info by Email on 31/08/2009 from OOo :-

Quote;
"The OpenOffice.org Community is pleased to announce the release of
OpenOffice.org 3.1.1, a minor update to OpenOffice.org 3.1.0 released in
May 2009. OpenOffice.org 3.1.1 (EN-US for Microsoft Windows, GNU/Linux,
and Solaris) is available for immediate download from
http://download.openoffice.org. Please contact the appropriate
native-language project http://projects.openoffice.org/native-lang.html
for details of availability in other languages, and the appropriate
porting project http://porting.openoffice.org for details of other
platforms." Unquote

I have updated and PSI shows a similar version number detected as you 3.1.9420.500 , but as secure. The upgrade is a security upgrade , the details are of which are just now made public . PSI is reading the .exe file number , as the installation pathway.

You need to upgrade to version 3.1.1.

Quote;
"Full details of the bugs fixed may be found in the release notes
http://development.openoffice.org/releases/3.1.1.h... Details of the
security vulnerabilities fixed will be published in our security bulletin
http://www.openoffice.org/security/bulletin.html on September 11th when
the standard public disclosure embargo expires. To our knowledge, none of
these vulnerabilities has been exploited; however, in accordance with
industry best practice, we recommend all users of earlier versions to
upgrade to 3.1.1." unquote.

Take care
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Marum RE: Open Office
Member 15th Sep, 2009 08:19
Score: 0
Posts: 3
User Since: 20th Nov 2008
System Score: 100%
Location: NL
Thanks Anthony for your quick replay.

However on the site you mentioned (http://projects.openoffice.org/native-lang.html) only OO3.1.0 (Dutch) is available.
I also wonder why Secunia keeps telling me that i need OO 3.1.9398.500 as i can find no such version
Any suggestions?.
Thanks in advance Jan.
Was this reply relevant?
+0
-0
Slamgeden RE: Open Office
Member 15th Sep, 2009 08:21
Score: 0
Posts: 181
User Since: 17th Jul 2009
System Score: N/A
Location: N/A
on 15th Sep, 2009 08:19, Marum wrote:
Thanks Anthony for your quick replay.

However on the site you mentioned (http://projects.openoffice.org/native-lang.html) only OO3.1.0 (Dutch) is available.
I also wonder why Secunia keeps telling me that i need OO 3.1.9398.500 as i can find no such version
Any suggestions?.
Thanks in advance Jan.


Hey,
they might take a while to release the newest versions localized. It does take some effort to build it all. Try again later, or pick the English version to ensure your security.

--
Assorted Fnords.
Was this reply relevant?
+0
-0
Anthony Wells RE: Open Office
Expert Contributor 15th Sep, 2009 17:01
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 15th Sep, 2009 17:07

Jan ,

If you read the security bulletin (2nd link in the 2nd quote of my earlier post) you can decide for yourself what is the risk of waiting for the Dutch update or whether you should use the English version in the interim . You could also contact OOo direct & see if/when the dutch update might be available , especially as a change to version 3.2. is talked of for end of November 2008 ; you would need to check if there is to be a Dutch version on release.

The version number read by PSI to see if you are up to date/secure is that of the "soffice.exe" file (named in the installation pathway) which is found in your main OOo folder ; the 3.1.9xx N you have corresponds to 3.1.0 , my 3.1.9xx N corresponds to 3.1.1. Bizarre I know , but that's the way it is.

{{If you use PSI in "advanced" mode and click on the + sign in the box at the left end of the programme ; the page expands & gives you plenty of info . In the "toolbox" (lower down) is an "open folder" link which lets you into the main folder ; mouse over the "soffice.exe" file & & you will see the N PSI is reading.}}

Take care
Anthony.


--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Mats55 RE: Open Office
Member 16th Sep, 2009 18:23
Score: 0
Posts: 1
User Since: 27th Nov 2008
System Score: 99%
Location: SE
Last edited on 16th Sep, 2009 18:30
HI,
I'm running the Swedish version of OpenOffice and gets the same warning, of insecure software, version 3.1.9398.500. Following the download link, I'm bounced back the page with the swedish "link", and get's 3.1.0. The one currently installed on my computer. As the previous writer states, What's wrong??
Best Regards
Mats
Was this reply relevant?
+0
-0
Anthony Wells RE: Open Office
Expert Contributor 16th Sep, 2009 21:14
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Mats ,

Nothing is wrong. PSI is detecting that version 3.1.0 on your computer is out of date/insecure as version 3.1.1 is available with security fixes.

Unfortunately OOo does not seem to have updated versions in Swedish or Dutch . So you need to contact OOo - as I suggesed to Jan in my previos post - as it is an OOo problem.

Take care
Anyhony



--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
walklong RE: Open Office
Member 20th Sep, 2009 00:36
Score: 0
Posts: 1
User Since: 11th Sep 2009
System Score: N/A
Location: Rolla, US
another iron in the fire . . .

I'm using the absolutely latest version of OO (download and clean install on a new hard drive w/ Win XP Pro) - and I, too, get the same insecure software warning on scan.

After a little digging, I believe the issue is with a converter for wordperfect files that would possibly allow a hacker access through embedded script/macro -

WARNING - this is just my suspicion as of right now . . .
Was this reply relevant?
+0
-0
Anthony Wells RE: Open Office
Expert Contributor 20th Sep, 2009 12:41
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

@walklong

The securiy issue with OOo is clearly defined in this link (from my first post):-

http://www.openoffice.org/security/bulletin.html

Even if you consider your version of OOo to be up to date , if PSI says it has found an insecure version , it is very seldom wrong , believe me.

How important (or not) the security issue is depends ; if I were you I would do the following in order to check it out :-

1)use PSI in "advanced" mode ;
2)in the "settings" tab make sure that the box in the first/upper section is NOT ticked in order to have the maximum info available ;
3)tell us in which "tab(s)" your problem programme is located ;
4)in that tab , click on the + in the box at the left end of the programme , the page will expand ;
5)in the expanded page , tell us what is written in the "installation path" ;
6)in the "toolbox" section , lower down , the link "technical details" should confirm the installation path details ;
7)click on the link "open folder" and you will see more details concerning the location of the "problem" .

If you are unable to resolve the problem yourself , all this info should allow someone on the forum to help/advise you .

Take care & let us know your progress.
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Marum RE: Open Office
Member 21st Sep, 2009 17:29
Score: 0
Posts: 3
User Since: 20th Nov 2008
System Score: 100%
Location: NL
Anthony,

Thanks for your ongoing assistance.

1 Yes, i am in advanced mode.
2 Box is not ticked.
3 First ?
4 OK clicked
5 D:\Open Office\OpenOffice.org 3\program\soffice.exe
6 Same path. Latest inspection date: 21st Sep. 2009, 17:06 CET
7 By hovering over soffice.exe with the mouse, is shows the following info:

Description: Open Office.Org 3.1
Company: OpenOffice.org
File version 3.1.9398.500
Prod. date: 23-04-2009 5.17
Size: 7.08 Mb

Please bear in mind, that my Open Office and Secunia are both the Dutch version.

Hope this info is any good.
Jan

Was this reply relevant?
+0
-0
Anthony Wells RE: Open Office
Expert Contributor 22nd Sep, 2009 17:14
Score: 2463
Posts: 3,348
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Jan ,

Te Dutch version of 3.1.1 is now available via the link in my first post ; so you can update .

When installed - hopefully PSI will show it in the "patched" tab (4th tab , as the "overview" is really the first tab - not sure how these translate into Dutch) - you can open the programme by clicking the + sign in the box as you did before & check all the details , if you wish.

The .exe file should show 3.1.9420.500 ; 9420 is the "build number" for the 3.1. series version 3.1.1. - you can also see this in the "help" tab at the top left of an any OO module page ; click the tab and select "about" in the dropdown menu . The open window shows version & build numbers .

Take care & let us know how it goes
Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


Secunia is a member of FIRST Secunia is a member of EDUcause Secunia is a member of The Open Group Secunia is a member of FS-ISAC
 
Secunia © 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer
follow Secunia on Facebook follow Secunia on Twitter follow Secunia on LinkedIn follow Secunia on YouTube follow Secunia Xing follow Secunias RSS feed follow Secunia on Google+