OpenOffice Senddoc Insecure Temporary File Creation Vulnerability (Linux) Network Vulnerability

Summary

The host has OpenOffice installed and is prone to Insecure Temporary File Creation Vulnerability.

Impact

Successful exploitation allows attackers to delete or corrupt sensitive files, which may result in a denial of service condtion. Impact Level: Application

Solution

Upgrade OpenOffice to higher version. http://download.openoffice.org/index.html

Insight

The flaw exists due to OpenOffice 'senddoc' which creates temporary files in an insecure manner, which allows users to overwrite files via a symlink attack on a /tmp/log.obr.##### temporary file.

Affected

OpenOffice.org 2.4.1 on Linux.

References

http://www.openwall.com/lists/oss-security/2008/10/30/2

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4937

CVSS	Base Score: 2.6 AV:L/AC:H/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Samba Symlink Directory Traversal Vulnerability
MySQL Authentication bypass through a zero-length password
Subversion Module File Restriction Bypass
OpenOffice senddoc Insecure Temporary File Creation Vulnerability (Linux)
IMAP arbitrary file retrieval

Take action and discover your vulnerabilities