Bugtraq mailing list archives

Re: HeliSec: StarOffice symlink exploit

From: Christian <christian () dijkstra MURDOCH EDU AU>
Date: Thu, 22 Feb 2001 11:50:51 +0800

On Sat, Feb 17, 2001 at 04:57:23PM +0100, JeT Li wrote:

      StarOffice creates a temporary directory in /tmp called soffice.tmp,
with permissions 0777. Into this directory other temporary files are creates,
with the format: svZZZZ.tmp, where ZZZZ in a four or five digits number.


<snip>

I reported this problem to BUGTRAQ on November 8, 2000.  See
http://www.securityfocus.com/bid/1922 for more details.  I believe Sun
has now released patches for this issue.  It always helps to do a search
before reporting a "new" vulnerability. :-)

Regards,

Christian.

Current thread:

HeliSec: StarOffice symlink exploit JeT Li (Feb 19)
- Re: HeliSec: StarOffice symlink exploit Peter W (Feb 20)
- Re: HeliSec: StarOffice symlink exploit Christian (Feb 22)
  - Re: HeliSec: StarOffice symlink exploit JeT Li (Feb 22)
  - Re: HeliSec: StarOffice symlink exploit Kurt Seifried (Feb 22)