Re: HeliSec: StarOffice symlink exploit

[Kurt Seifried <bugtraq () SEIFRIED ORG>]

> > StarOffice creates a temporary directory in /tmp called soffice.tmp,
> > with permissions 0777. Into this directory other temporary files are
creates,
> > with the format: svZZZZ.tmp, where ZZZZ in a four or five digits number.

Staroffice honors $TMP, so create /home/foo/tmp and set your TMP variable. This
is not a solution per se I know, but it does help (and more and more apps are
honoring the $TMP/$TMPDIR variable).

Kurt Seifried, seifried () securityportal com
Securityportal - your focal point for security on the 'net