[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#271503: openoffice.org: Lack of confidentiality for temporary document storage



Package: openoffice.org
Version: 1.1.2-2
Severity: important
Tags: security patch

OpenOffice temporarily stores documents with insecure permissions,
leading to a compromise of document confidentiality for other
non-root users on that system. Details can be found at:
http://www.openoffice.org/issues/show_bug.cgi?id=33357

I've set the severity to important, please raise it if you think that
it's release critical.

I extracted a patch from the OpenOffice.org that fixes the vulnerability.
It's attached.

Cheers,
       Moritz
-- 
Moritz Mühlenhoff  muehlenhoff@univention.de      fon: +49 421 22 232- 0
Development        Linux for Your Business                             
Univention GmbH    http://www.univention.de/      fax: +49 421 22 232-99

-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.26 #1 SMP Wed Jun 30 12:43:43 CEST 2004 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro

Versions of packages openoffice.org depends on:
ii  dictionaries-co 0.15.4.2.200310221248    Common utilities for spelling dict
ii  openoffice.org- 1.1.2-2.28.200407132023  OpenOffice.org office suite binary
ii  openoffice.org- 1.1.2-2+1.5.200407140824 Debian specific parts of OpenOffic
ii  openoffice.org- 1.1.2-2.28.200407132023  German language package for OpenOf
ii  openoffice.org- 1.1.2-2.28.200407132023  English (US) language package for 
ii  ttf-opensymbol  1.1.2-2.28.200407132023  The OpenSymbol TrueType font

-- debconf-show failed

Attachment: /home/jmm/openoffice.org-secure-tempfile-permissions.diff
Description: image/3ds


Reply to: