Gentoo FoundationGLSA-200410-17OpenOffice.org: Temporary files disclosure
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
16.0%
Background
OpenOffice.org is an office productivity suite, including word processing, spreadsheets, presentations, drawings, data charting, formula editing, and file conversion facilities.
Description
On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory.
Impact
A malicious local user could obtain the temporary files and thus read documents belonging to other users.
Workaround
There is no known workaround at this time.
Resolution
All affected OpenOffice.org users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.3"
# emerge ">=app-office/openoffice-1.1.3"
All affected OpenOffice.org binary users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-office/openoffice-bin-1.1.3"
# emerge ">=app-office/openoffice-bin-1.1.3"
All affected OpenOffice.org Ximian users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.3.4"
# emerge ">=app-office/openoffice-1.3.4"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-office/openoffice | = 1.1.2 | UNKNOWN |
| Gentoo | any | all | app-office/openoffice-bin | = 1.1.2 | UNKNOWN |
| Gentoo | any | all | app-office/openoffice-ximian | = 1.1.60 | UNKNOWN |
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
16.0%