Apache OpenOffice Vulnerable To One-Click Code Execution


  • #11
    Originally posted by Alexmitter View Post
    It isn't even a systemd daemon; the binary was just named "systemd-daemon" to be less likely to be detected by layer 8 error containing system admins. None of that code was ever in systemd, so no, your malware with the funny name is not part of this ubiquitous software.
    Here are the known nasty md5's:
    systemd-daemon 1d45cd2c1283f927940c099b8fab593b 0/61 2018-05-16 04:22:59
    systemd-daemon 11ad1e9b74b144d564825d65d7fb37d6 0/58 2018-12-25 08:02:05
    systemd-daemon 5c0f375e92f551e8f2321b141c15c48f 0/56 2020-05-08 05:50:06
    gvfsd-helper 64f6cfe44ba08b0babdd3904233c4857 0/61 2021-01-18 13:13:19
    https://blog.netlab.360.com/stealth_...o_backdoor_en/

    Here's a command to check for them:
    sudo find / \( -name "gvfsd-helper" -o -name "systemd-daemon" \) -exec md5sum {} \;
    https://hackaday.com/2021/04/30/this...pv4-addresses/

    Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...


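An added example, not part of the post above: the `find -name` check only catches the samples while they keep those two file names, so this sketch hashes every file and compares it against the four MD5 values listed in the post, reporting a name match with a different hash separately. The function name `scan_tree` and its output labels are hypothetical, and GNU `md5sum` is assumed.

```shell
#!/bin/sh
# MD5 values exactly as listed in the post above.
KNOWN_BAD='1d45cd2c1283f927940c099b8fab593b
11ad1e9b74b144d564825d65d7fb37d6
5c0f375e92f551e8f2321b141c15c48f
64f6cfe44ba08b0babdd3904233c4857'
# File names used by the samples, from the same post.
KNOWN_NAMES='systemd-daemon gvfsd-helper'

# scan_tree ROOT [HASHES]  (hypothetical helper, not from the post)
# Hashes every regular file under ROOT and prints one line per finding:
#   HASH-MATCH <md5> <path>  content matches a listed hash, whatever the name
#   NAME-ONLY  <md5> <path>  listed name, but content is not a listed hash
# HASHES defaults to KNOWN_BAD; passing another list allows testing.
scan_tree() {
    root=$1
    bad=${2:-$KNOWN_BAD}
    # -xdev stays on one filesystem (skips /proc and network mounts),
    # so run it once per mounted filesystem you want covered.
    find "$root" -xdev -type f -exec md5sum {} + 2>/dev/null |
    while read -r sum path; do
        base=${path##*/}
        case "$bad" in
            *"$sum"*) echo "HASH-MATCH $sum $path"; continue ;;
        esac
        case " $KNOWN_NAMES " in
            *" $base "*) echo "NAME-ONLY $sum $path" ;;
        esac
    done
}

# Usage on a live system (slow: reads every file once):
#   sudo sh -c '. ./scan.sh; scan_tree /'
```

A NAME-ONLY line is not a detection by itself; it marks a file worth inspecting because its hash is not one of the four listed.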

    • #12
      Originally posted by Alexmitter View Post
      Who still runs OpenOffice seemingly deserves that.
      Two of my friends still use it. Not because they don't know about LO. Just because in one case it cannot correctly display (or crashes - don't remember) one particular type of document that they are working on. And OpenOffice still works fine on it. And yes, as far as I know, they reported a bug to LO and it remained with no response.

      In my case, I have used LO for a long time, but for my daily job I need good compatibility with MS Office formats like .docx or Excel, and LO here is very bad for my job. That's why for home job I use WPS (closed source) and in my law office I use open-source OnlyOffice [not OpenOffice] - for best MS Office compatibility.



      • #13
        Non-savvy users may not be aware that LibreOffice has replaced OpenOffice, so people are caught.



        • #14
          Originally posted by xpris View Post

          Two of my friends still use it. Not because they don't know about LO. Just because in one case it cannot correctly display (or crashes - don't remember) one particular type of document that they are working on. And OpenOffice still works fine on it. And yes, as far as I know, they reported a bug to LO and it remained with no response.

          In my case, I have used LO for a long time, but for my daily job I need good compatibility with MS Office formats like .docx or Excel, and LO here is very bad for my job. That's why for home job I use WPS (closed source) and in my law office I use open-source OnlyOffice [not OpenOffice] - for best MS Office compatibility.
          WPS and OnlyOffice both have very good MS compatibility. Have you tried Softmaker Office? I find that its MS compatibility is even better in some ways.



          • #15
            We have directly contacted the users of Apache OpenOffice to warn them to patch for this vulnerability.

            Ed. Correction, additional quotation was omitted: We have directly contacted the users of Apache OpenOffice to warn them to patch for this vulnerability. However, we were unable to reach about 30%, which means we have as many as 3 users that have not been reached yet.



            • #16
              Originally posted by andyprough View Post

              WPS and OnlyOffice both have very good MS compatibility. Have you tried Softmaker Office? I find that its MS compatibility is even better in some ways.
              Me too. OnlyOffice is a bit barebones still and it wouldn't even open half of my documents. WPS is a lot better, but it still has some quirks in some documents. However, FreeOffice and its paid variant SoftMaker Office have never failed me so far. In fact, I even paid for a SMO license because of that.



              • #17
                I find it so interesting that OpenOffice is in such a bad shape despite Apache's backing. I mean: it's not like Apache is run by a few devs in their spare time - they're relatively big and have a good reputation because of their other software.



                • #18
                  It would be interesting to hear from LibreOffice Foundation about their download numbers. I bet they were much smaller than Apache's, hence avoiding talking about it too much.



                  • #19
                    Originally posted by Vistaus View Post
                    I find it so interesting that OpenOffice is in such a bad shape despite Apache's backing. I mean: it's not like Apache is run by a few devs in their spare time - they're relatively big and have a good reputation because of their other software.
                    I doubt the Apache devs have much to do with it. From my recollection what happened was by 2011, all the active OOo developers had moved over to LO in order to save the code from Oracle, and the plan was to retire OOo as a project and fold it into the LO foundation. Oracle didn't really care, but IBM flipped out because they were still selling an OOo derived product called Lotus Symphony. IBM needed somewhere to dump the code and picked the Apache project (quite possibly along with a financial donation to the project to make the hosting of the project more appetizing, but who knows).

                    I may be missing a few steps in the timeline but I think that's the basics.

                    Anyway, it was all done with great fanfare and talk about how a great community was going to rise from the ashes and build OOo to new heights of brilliance, and of course that never happened nor was it ever apparently intended to happen. A small group of devs worked with the code over the years, progress was incredibly slow compared to LO, what progress that was made was mostly backported stuff from LO, IBM quickly and quietly dumped Lotus Symphony, and here we are.

                    [Edited to remove RedHat as the main instigator of the move to Apache - as RahulSundaram pointed out, my memory was faulty and RedHat was an early supporter of LibreOffice and the Document Foundation: https://www.phoronix.com/forums/foru...3#post1254943]
                    Last edited by andyprough; 04 May 2021, 04:21 PM.



                    • #20
                      Originally posted by andyprough View Post
                      Time to get to checking, systemd fanboys. Some sysadmins are going to get paid overtime this week...
                      You seem to be unable to read your own sources.

                      This virus, this binary called "systemd-daemon" has as much to do with systemd as a hypothetical virus that names itself "Xorg" has to do with Xorg. Funny too, because one of the first people who noticed it was running Void Linux, which is well known for not using systemd.

                      You should be as much concerned about it no matter what init system you use, it could call itself "init" or "s6" too. And please, for the love of god, stop embarrassing yourself.
