CVE-2004-0752
CVSS 2.1
Published: 2004-10-20 00:00:00
Revised: 2016-10-17 22:48:38

[Original] OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.


[CNNVD] OpenOffice Temporary File Disclosure Vulnerability (CNNVD-200410-050)

        
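OpenOffice is an office productivity suite that supports multiple operating systems.
OpenOffice creates its temporary file directory with incorrect permissions, and a local attacker can exploit this vulnerability to obtain sensitive file information.
When OpenOffice runs, it creates the /tmp/sv.tmp directory, where the random value is 3 random strings. The permissions on this directory allow other users to run the 'cd' command and list its contents.
When a file is opened, a compressed file is created in the /tmp/sv.tmp directory with permissions that also make it readable by other users, so local system users can obtain other users' sensitive information by viewing these files.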
        

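- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]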

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10294 OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0752
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0752
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-050
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=109483308421566&w=2
(UNKNOWN)  BUGTRAQ  20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users
http://securitytracker.com/id?1011205
(VENDOR_ADVISORY)  SECTRACK  1011205
http://www.openoffice.org/issues/show_bug.cgi?id=33357
(VENDOR_ADVISORY)  CONFIRM  http://www.openoffice.org/issues/show_bug.cgi?id=33357
http://www.redhat.com/support/errata/RHSA-2004-446.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:446
http://www.securityfocus.com/bid/11151
(UNKNOWN)  BID  11151
http://xforce.iss.net/xforce/xfdb/17312
(UNKNOWN)  XF  openofficeorg-tmpfile-insecure-permissions(17312)

- Vulnerability Information

OpenOffice Temporary File Disclosure Vulnerability
Low risk  Design error
2004-10-20 00:00:00 2005-10-20 00:00:00
Local

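- Advisories and Patches

Vendor patch:
OpenOffice
----------
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:

http://www.openoffice.org/nonav/issues/showattachment.cgi/17436/security-tmp-dir.diff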

- Vulnerability Information

9804
OpenOffice/StarOffice Installation Temporary File Information Disclosure
Local Access Required Information Disclosure, Race Condition
Loss of Confidentiality
Exploit Public RBS Confirmed, Vendor Verified, Coordinated Disclosure

- Vulnerability Description

OpenOffice contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker extracts content.xml from a compressed file located in /tmp/sv*.tmp/ during the installation procedure, which will disclose user information resulting in a loss of confidentiality.

- Timeline

2004-09-10 2004-08-16
2004-09-10 Unknown

- Solution

Upgrade to OpenOffice version 1.1.3 or higher or apply Product Update 3 or higher for StarOffice, as they have been reported to fix this vulnerability. It is also possible to temporarily work around the flaw by implementing the following workaround: set a more secure umask.
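
The umask workaround and a check for exposed /tmp/sv*.tmp-style directories, as an added example that is not part of the original advisory. The function names (`audit_sv_tmp`, `mkdir_with_umask`, `demo`) and the directory names are constructed for illustration, and the demo runs in a scratch directory rather than in /tmp itself.

```shell
#!/bin/sh
# Added example (not from the advisory): audit sv*.tmp directories and show
# the umask workaround. Function names and directory names are constructed.

# Print "<group/other bits> <path>" for each sv*.tmp directory directly under
# $1 that grants any access to group or other.
audit_sv_tmp() {
    base=$1
    for d in "$base"/sv*.tmp; do
        [ -d "$d" ] || continue   # unmatched glob or not a directory
        # Characters 5-10 of the ls mode string are the group and other bits;
        # setgid/sticky letters are mapped back to the plain x/- they hide.
        bits=$(ls -ld "$d" | cut -c5-10 | sed 's/[st]/x/g; s/[ST]/-/g')
        if [ "$bits" != "------" ]; then
            printf '%s %s\n' "$bits" "$d"
        fi
    done
}

# Create directory $2 under umask $1; the subshell keeps the caller's umask.
mkdir_with_umask() {
    ( umask "$1" && mkdir "$2" )
}

# Demo on a scratch area: one directory per umask, then audit.
demo() {
    scratch=$(mktemp -d) || return 1
    mkdir_with_umask 022 "$scratch/svaaa.tmp"   # permissive default umask
    mkdir_with_umask 077 "$scratch/svbbb.tmp"   # the "more secure umask"
    audit_sv_tmp "$scratch"                     # reports only svaaa.tmp
    rm -rf "$scratch"
}

demo
```

On a multi-user host, `audit_sv_tmp /tmp` lists any existing directories of this form that other accounts can enter or read.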

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

OpenOffice/StarOffice Local File Disclosure Vulnerability
Design Error 11151
No Yes
2004-09-10 12:00:00 2009-07-12 07:06:00
Discovery is credited to Carsten Eiram.

- Affected Software Versions

Sun StarOffice 7.0
RedHat Linux 9.0 i386
Red Hat Fedora Core2
Red Hat Fedora Core1
OpenOffice OpenOffice 1.1.2
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32

- Discussion

StarOffice and OpenOffice are reported prone to a local file disclosure vulnerability. This issue presents itself because the application creates insecure temporary files. Each time a user saves a file, a compressed copy of the file is saved in a temporary directory. This can allow a local attacker to disclose files of other users.

OpenOffice 1.1.2 and StarOffice 7.0 are reported prone to this vulnerability.

- Exploit

No exploit is required.

- Solution

This issue has been addressed in Product Update 3 for StarOffice 7 and a release candidate for OpenOffice 1.1.3. Please contact the vendor for further details.

RedHat has released an advisory (RHSA-2004:446-08) to address this issue in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

Mandrake Linux has made an advisory (MDKSA-2004:103) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200410-17) to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

OpenOffice.org users:
emerge sync
emerge -pv ">=app-office/openoffice-1.1.3"
emerge ">=app-office/openoffice-1.1.3"

OpenOffice.org binary users:
emerge sync
emerge -pv ">=app-office/openoffice-bin-1.1.3"
emerge ">=app-office/openoffice-bin-1.1.3"

OpenOffice.org Ximian users:
emerge sync
emerge -pv ">=app-office/openoffice-ximian-1.3.4"
emerge ">=app-office/openoffice-ximian-1.3.4"

The Fedora Legacy project has released advisory FLSA:154988 to address this issue in RedHat Linux 9, and Fedora Core 1 and 2. Please see the referenced advisory for further information.


OpenOffice OpenOffice 1.1.2

Sun StarOffice 7.0

- References
