[installation-issues] [Issue 107790] Mirror Site Contains Comp romised Code - URGENT

2009-12-19 Thread bmwmarv 
To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=107790
 Issue #|107790
 Summary|Mirror Site Contains Compromised Code - URGENT
   Component|Installation
 Version|OOo 3.1.1
Platform|PC
 URL|
  OS/Version|Linux
  Status|UNCONFIRMED
   Status whiteboard|
Keywords|
  Resolution|
  Issue type|DEFECT
Priority|P1
Subcomponent|ui
 Assigned to|of
 Reported by|bmwmarv





--- Additional comments from bmwm...@openoffice.org Sun Dec 20 00:21:41 
+ 2009 ---
Downloaded OOo 3.1.1 today, ran the tar.gz, rather than extracting OOo, it
extracted other software to my computer that contained Paros and Yersinia.  Upon
looking up information regarding this software, it is used for Layer 2 attacks
and analysis.  The 'yersinia.log' entry that it created is pasted below wherein
the script attempted to stop pcap on my machine to prevent detection. 
Additionally, all of the file dates, including the log entry, did not agree with
today's date, which I believe was an attempt to prevent detection of recently
installed and executed applications.

I do not know which mirror the software I downloaded initially originated from
as I used the automatic download located here: 
http://download.openoffice.org/contribute.html?download=bouncerproduct%3DOpenOffice.org%26os%3Dlinuxintelwjre%26lang%3Den-US%26version%3D3.1.1

The name of the file that I downloaded was
OOo_3.1.1_LinuxIntel_install_wJRE_en-US.tar.gz.

The folder the file created when I untarred it were a link to my desktop, a
desktop config file entitled 'Set IP Address', a folder entitled 'paros' that
contained an empty document entitled 'AcceptedLicense', config.xml, and
paros.message.txt which contained the following:

2007-03-04 13:41:06,327 INFO  Constant - Created directory /root/paros/
2007-03-04 13:41:06,340 INFO  Constant - Copying defaults from xml/config.xml to
/root/paros/config.xml
2007-03-04 13:41:06,380 INFO  Constant - Creating directory /root/paros/session
2007-03-04 13:41:06,381 INFO  Paros - Paros 3.2.8 started.
2007-03-04 13:41:21,509 INFO  PluginFactory - loaded plugin Password
Autocomplete in browser
2007-03-04 13:41:21,511 INFO  PluginFactory - loaded plugin Secure page browser
cache
2007-03-04 13:41:21,511 INFO  PluginFactory - loaded plugin Cross site scripting
2007-03-04 13:41:21,512 INFO  PluginFactory - loaded plugin Cross site scripting
without brackets
2007-03-04 13:41:21,513 INFO  PluginFactory - loaded plugin Cold Fusion default 
file
2007-03-04 13:41:21,514 INFO  PluginFactory - loaded plugin Lotus Domino default
files
2007-03-04 13:41:21,515 INFO  PluginFactory - loaded plugin IIS default file
2007-03-04 13:41:21,515 INFO  PluginFactory - loaded plugin Macromedia JRun
default files
2007-03-04 13:41:21,516 INFO  PluginFactory - loaded plugin Tomcat source file
disclosure
2007-03-04 13:41:21,517 INFO  PluginFactory - loaded plugin BEA WebLogic example
files
2007-03-04 13:41:21,518 INFO  PluginFactory - loaded plugin IBM WebSphere
default files
2007-03-04 13:41:21,520 INFO  PluginFactory - loaded plugin Directory browsing
2007-03-04 13:41:21,522 INFO  PluginFactory - loaded plugin Private IP 
disclosure
2007-03-04 13:41:21,523 INFO  PluginFactory - loaded plugin Session ID in URL
rewrite
2007-03-04 13:41:21,523 INFO  PluginFactory - loaded plugin CRLF injection
2007-03-04 13:41:21,524 INFO  PluginFactory - loaded plugin MS SQL Injection
2007-03-04 13:41:21,525 INFO  PluginFactory - loaded plugin SQL Injection
2007-03-04 13:41:21,526 INFO  PluginFactory - loaded plugin SQL Injection
Fingerprinting
2007-03-04 13:41:21,527 INFO  PluginFactory - loaded plugin Obsolete file
2007-03-04 13:41:21,527 INFO  PluginFactory - loaded plugin Obsolete file
extended check
2007-03-04 13:41:21,528 INFO  PluginFactory - loaded plugin Parameter tampering
2007-03-04 13:41:21,529 INFO  PluginFactory - loaded plugin Server side include
2007-03-04 13:41:22,000 INFO  FilterFactory - loaded filter Change user agent to
other browsers.
2007-03-04 13:41:22,001 INFO  FilterFactory - loaded filter Detect insecure or
potentially malicious content in HTTP responses.
2007-03-04 13:41:22,001 INFO  FilterFactory - loaded filter Detect and alert
'Set-cookie' attempt in HTTP response for modification.
2007-03-04 13:41:22,001 INFO  FilterFactory - loaded filter Avoid browser cache
(strip off IfModifiedSince)
2007-03-04 13:41:22,002 INFO  FilterFactory - loaded filter Log cookies sent by
browser.
2007-03-04 13:41:22,002 INFO  FilterFactory - loaded filter Log unique GET
queries into file (filter/get.xls)
2007-03-04 13:41:22,002 INFO  FilterFactory - loaded filter Log unique POST
queries into file (filter/post.xls)
2007-03-04 13:41:22,003 INFO  FilterFactory - loaded filter Log request and
response

[installation-issues] [Issue 107790] Mirror Site Contains Comp romised Code - URGENT

2009-12-19 Thread bmwmarv 
To comment on the following update, log in, then open the issue:
http://www.openoffice.org/issues/show_bug.cgi?id=107790


User bmwmarv changed the following:

What|Old value |New value

  Status|UNCONFIRMED   |RESOLVED

Priority|P1|P5

  Resolution|  |FIXED





--- Additional comments from bmwm...@openoffice.org Sun Dec 20 00:33:59 
+ 2009 ---
Corrupted tar.gz.

-
Please do not reply to this automatically generated notification from
Issue Tracker. Please log onto the website and enter your comments.
http://qa.openoffice.org/issue_handling/project_issues.html#notification

-
To unsubscribe, e-mail: issues-unsubscr...@installation.openoffice.org
For additional commands, e-mail: issues-h...@installation.openoffice.org


-
To unsubscribe, e-mail: allbugs-unsubscr...@openoffice.org
For additional commands, e-mail: allbugs-h...@openoffice.org