ID CVE-2002-2210
Summary The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
References
Vulnerable Configurations
  • cpe:2.3:a:openoffice:openoffice:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:openoffice:openoffice:1.0.1:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 05-09-2008 - 20:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 5950
bugtraq 20021011 OpenOffice 1.0.1 Race condition during installation.
xf openofficeorg-tmpfile-symlink(10346)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Last major update 05-09-2008 - 20:32
Published 31-12-2002 - 05:00
Last modified 05-09-2008 - 20:32
Back to Top