Vulnwatch mailing list archives
Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation
From: "Carsten H. Eiram" <che () secunia com>
Date: Mon, 13 Sep 2004 09:37:34 +0200
====================================================================== Secunia Research 13/09/2004 - StarOffice / OpenOffice Insecure Temporary File Creation - ====================================================================== Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10 ====================================================================== 1) Affected Software StarOffice 7 OpenOffice 1.1.2 ====================================================================== 2) Severity Rating: Less Critical Impact: Exposure of Sensitive Information Where: Local System ====================================================================== 3) Vendor's Description of Software "StarOffice 7 Office Suite is the world's leading office productivity suite on Linux and the Solaris OS, and the leading alternative office suite on Windows.". Product link: http://wwws.sun.com/software/star/staroffice/ "OpenOffice.org is both an Open Source product and a project. The product is a multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, and drawing program, with a user interface and feature set similar to other office suites.". Product link: http://www.openoffice.org/ ====================================================================== 4) Description of Vulnerability Secunia has discovered a vulnerability in StarOffice and OpenOffice, which can be exploited by malicious, local users to gain knowledge of sensitive information. The vulnerability is caused due to temporary files being created with insecure permissions (usually "664" or "644" depending on the user's umask) in the "/tmp" folder when open documents are saved. Example: $ ls -la /tmp/svh69.tmp/ total 16 drwxrwxr-x 2 test test 4096 Aug 18 12:32 . drwxrwxrwt 10 root root 4096 Aug 18 12:31 .. -rw-rw-r-- 1 test test 4937 Aug 18 12:32 svh6g.tmp Successful exploitation allows an unprivileged user to read arbitrary users' currently open documents. ====================================================================== 5) Solution The vulnerability has been fixed in Product Update 3 for StarOffice and a release candidate of OpenOffice 1.1.3. ====================================================================== 6) Time Table 16/08/2004 - Vulnerability discovered. 17/08/2004 - Vendor notified. 17/08/2004 - Vendor confirms vulnerability. 13/09/2004 - Public disclosure. ====================================================================== 7) Credits Discovered by Carsten Eiram, Secunia Research. ====================================================================== 8) References The Common Vulnerabilities and Exposures (CVE) project has assigned the vulnerability candidate number: CAN-2004-0752. ====================================================================== 9) About Secunia Secunia collects, validates, assesses, and writes advisories regarding all the latest software vulnerabilities disclosed to the public. These advisories are gathered in a publicly available database at the Secunia website: http://secunia.com/ Secunia offers services to our customers enabling them to receive all relevant vulnerability information to their specific system configuration. Secunia offers a FREE mailing list called Secunia Security Advisories: http://secunia.com/secunia_security_advisories/ ====================================================================== 10) Verification Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2004-5/ ======================================================================
Current thread:
- Secunia Research: StarOffice / OpenOffice Insecure Temporary File Creation Carsten H. Eiram (Sep 13)