[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: StarOffice 5.2 Temporary Dir Vulnerability

To: BUGTRAQ@SECURITYFOCUS.COM
Subject: Re: StarOffice 5.2 Temporary Dir Vulnerability
From: Igor Falcomata' <igor@INFOSEC.IT>
Date: Wed, 8 Nov 2000 11:35:45 +0100

On Wed, Nov 08, 2000 at 03:33:53PM +0800, Christian wrote:

> Hi,
>
> A while back I noticed that StarOffice 5.2 (running under Linux and
> Solaris) creates a temporary directory under /tmp with the name
> "soffice.tmp" with permissions 0777.  I figured there had to be some

a real quick workaround is to make (as root) a "fixed" /tmp/soffice.tmp 777
+t dir.

drwxrwxrwt    2 root     root         1024 Nov  9 11:39 soffice.tmp

Note that files created by SO in this dir are still readable (but not
writable) by other users, so change the $TMP var is probabily better.

bye
Koba

--

Igor Falcomata'
IT Security Manager & Consultant
Infosec srl - www.infosec.it
Network Security and Data Defense
 --
free advertising: www.openbsd.org - Multiplatform Ultra-secure OS

Prev by Date: Re: HPUX cu -l option buffer overflow vulnerabilit
Next by Date: Re: vlock vulnerability in RedHat 7.0
Prev by thread: StarOffice 5.2 Temporary Dir Vulnerability
Next by thread: Re: StarOffice 5.2 Temporary Dir Vulnerability
Index(es):
- Date
- Thread