|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200410-17] OpenOffice.org: Temporary files disclosure Vulnerability Scan
Vulnerability Scan Summary OpenOffice.org: Temporary files disclosure
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200410-17
(OpenOffice.org: Temporary files disclosure)
On start-up, OpenOffice.org 1.1.2 creates a temporary directory with
insecure permissions. When a document is saved, a compressed copy of it can
be found in that directory.
Impact
A malicious local user could obtain the temporary files and thus read
documents belonging to other users.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0752
http://www.openoffice.org/issues/show_bug.cgi?id=33357
Solution:
All affected OpenOffice.org users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=app-office/openoffice-1.1.3"
# emerge ">=app-office/openoffice-1.1.3"
All affected OpenOffice.org binary users should upgrade to the latest
version:
# emerge sync
# emerge -pv ">=app-office/openoffice-bin-1.1.3"
# emerge ">=app-office/openoffice-bin-1.1.3"
All affected OpenOffice.org Ximian users should upgrade to the latest
version:
# emerge sync
# emerge -pv ">=app-office/openoffice-ximian-1.3.4"
# emerge ">=app-office/openoffice-1.3.4"
Threat Level: Low
Click HERE for more information and discussions on this network vulnerability scan.
|