OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openoffice | Openoffice | 1.1.2 (including) | 1.1.2 (including) |
| Red Hat Enterprise Linux 3 | RedHat | openoffice.org-0:1.1.0-16.14.EL | * |
| Openoffice.org | Ubuntu | dapper | * |
| Openoffice.org | Ubuntu | edgy | * |
| Openoffice.org | Ubuntu | feisty | * |
| Openoffice.org-l10n | Ubuntu | dapper | * |
| Openoffice.org-l10n | Ubuntu | devel | * |
| Openoffice.org-l10n | Ubuntu | edgy | * |
| Openoffice.org-l10n | Ubuntu | feisty | * |
References
- http://marc.info/?l=bugtraq\u0026m=109483308421566\u0026w=2
- http://secunia.com/advisories/12302/
- http://secunia.com/advisories/12546/
- http://secunia.com/advisories/12668/
- http://secunia.com/advisories/12914/
- http://secunia.com/advisories/12932/
- http://securitytracker.com/id?1011205
- http://www.openoffice.org/issues/show_bug.cgi?id=33357
- http://www.osvdb.org/9804
- http://www.redhat.com/support/errata/RHSA-2004-446.html
- http://www.securityfocus.com/bid/11151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294
- http://marc.info/?l=bugtraq\u0026m=109483308421566\u0026w=2
- http://secunia.com/advisories/12302/
- http://secunia.com/advisories/12546/
- http://secunia.com/advisories/12668/
- http://secunia.com/advisories/12914/
- http://secunia.com/advisories/12932/
- http://securitytracker.com/id?1011205
- http://www.openoffice.org/issues/show_bug.cgi?id=33357
- http://www.osvdb.org/9804
- http://www.redhat.com/support/errata/RHSA-2004-446.html
- http://www.securityfocus.com/bid/11151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294