Sun StarOffice 5.1 Arbitrary File Read Vulnerability

ID SSV:73709
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a webserver that runs as root by default. When a request it sent to a webserver for a document, the StarScheduler httpd will follow "../" paths if provided. As a result, exploiting this allows an attacker to view any file on the target system (the server runs as root..), including files such as /etc/shadow.