[ GLSA 200410-17 ] OpenOffice.org: Temporary files disclosure

[GLSA]

Gentoo Linux Security Advisory

Title: OpenOffice.org: Temporary files disclosure (GLSA 200410-17)
Severity: low
Exploitable: local
Date: October 20, 2004
Bug(s): #63556
ID: 200410-17

Synopsis


OpenOffice.org uses insecure temporary files which could allow a malicious
local user to gain knowledge of sensitive information from other users'
documents.


Background


OpenOffice.org is an office productivity suite, including word processing,
spreadsheets, presentations, drawings, data charting, formula editing, and
file conversion facilities.


Affected Packages

Package: app-office/openoffice
Vulnerable: = 1.1.2
Unaffected: < 1.1.2
Unaffected: >= 1.1.3
Architectures: All supported architectures

Package: app-office/openoffice-bin
Vulnerable: = 1.1.2
Unaffected: < 1.1.2
Unaffected: >= 1.1.3
Architectures: All supported architectures

Package: app-office/openoffice-ximian
Vulnerable: = 1.1.60
Vulnerable: = 1.1.61
Unaffected: < 1.1.60
Unaffected: >= 1.3.4
Architectures: All supported architectures


Description


On start-up, OpenOffice.org 1.1.2 creates a temporary directory with
insecure permissions. When a document is saved, a compressed copy of it can
be found in that directory.


Impact


A malicious local user could obtain the temporary files and thus read
documents belonging to other users.


Workaround


There is no known workaround at this time.


Resolution


All affected OpenOffice.org users should upgrade to the latest version: