ID CVE-2004-0752
Summary OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:1.1.2
    cpe:2.3:a:openoffice:openoffice:1.1.2
CVSS
Base: 2.1 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_OPENOFFICE_112_1.NASL
    description The following package needs to be updated: ar-openoffice
    last seen 2016-09-26
    modified 2004-09-16
    plugin id 14759
    published 2004-09-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14759
    title FreeBSD : openoffice -- document disclosure (131)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C62DC69F05C811D9B45D000C41E2CDAD.NASL
    description OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was inaccessible.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 36459
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36459
    title FreeBSD : openoffice -- document disclosure (c62dc69f-05c8-11d9-b45d-000c41e2cdad)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-103.NASL
    description A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user's umask to create the file, could potentially allow for other users to have read access to the document (again, dependent upon the user's umask). The updated packages have been patched to prevent this problem.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 14840
    published 2004-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14840
    title Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:103)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-446.NASL
    description Updated openoffice.org packages that fix a security issue in temporary file handling are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user's open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0752 to this issue. All users of OpenOffice.org are advised to upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 14739
    published 2004-09-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=14739
    title RHEL 3 : openoffice.org (RHSA-2004:446)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-17.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-17 (OpenOffice.org: Temporary files disclosure) On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory. Impact : A malicious local user could obtain the temporary files and thus read documents belonging to other users. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 15526
    published 2004-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15526
    title GLSA-200410-17 : OpenOffice.org: Temporary files disclosure
oval via4
accepted 2013-04-29T04:04:22.749-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
family unix
id oval:org.mitre.oval:def:10294
status accepted
submitted 2010-07-09T03:56:16-04:00
title OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
version 23
redhat via4
advisories
rhsa
id RHSA-2004:446
refmap via4
bid 11151
bugtraq 20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users
confirm http://www.openoffice.org/issues/show_bug.cgi?id=33357
osvdb 9804
sectrack 1011205
secunia
  • 12302
  • 12546
  • 12668
  • 12914
  • 12932
xf openofficeorg-tmpfile-insecure-permissions(17312)
Last major update 17-10-2016 - 22:48
Published 20-10-2004 - 00:00
Last modified 10-10-2017 - 21:29
Back to Top