Vulnerabilities > CVE-2004-0752 - Unspecified vulnerability in Openoffice 1.1.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN openoffice
nessus
Summary
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-446.NASL description Updated openoffice.org packages that fix a security issue in temporary file handling are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user last seen 2020-06-01 modified 2020-06-02 plugin id 14739 published 2004-09-15 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14739 title RHEL 3 : openoffice.org (RHSA-2004:446) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2004:446. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(14739); script_version ("1.25"); script_cvs_date("Date: 2019/10/25 13:36:10"); script_cve_id("CVE-2004-0752"); script_xref(name:"RHSA", value:"2004:446"); script_xref(name:"Secunia", value:"12302"); script_name(english:"RHEL 3 : openoffice.org (RHSA-2004:446)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated openoffice.org packages that fix a security issue in temporary file handling are now available. OpenOffice.org is an office productivity suite that includes desktop applications such as a word processor, spreadsheet, presentation manager, formula editor, and drawing program. Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user's open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0752 to this issue. All users of OpenOffice.org are advised to upgrade to these updated packages which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2004-0752" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2004:446" ); script_set_attribute( attribute:"solution", value: "Update the affected openoffice.org, openoffice.org-i18n and / or openoffice.org-libs packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openoffice.org"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openoffice.org-i18n"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openoffice.org-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/20"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/15"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2004:446"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"openoffice.org-1.1.0-16.14.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"openoffice.org-i18n-1.1.0-16.14.EL")) flag++; if (rpm_check(release:"RHEL3", cpu:"i386", reference:"openoffice.org-libs-1.1.0-16.14.EL")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openoffice.org / openoffice.org-i18n / openoffice.org-libs"); } }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200410-17.NASL description The remote host is affected by the vulnerability described in GLSA-200410-17 (OpenOffice.org: Temporary files disclosure) On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory. Impact : A malicious local user could obtain the temporary files and thus read documents belonging to other users. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 15526 published 2004-10-21 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/15526 title GLSA-200410-17 : OpenOffice.org: Temporary files disclosure code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200410-17. # # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(15526); script_version("1.17"); script_cvs_date("Date: 2019/08/02 13:32:41"); script_cve_id("CVE-2004-0752"); script_xref(name:"GLSA", value:"200410-17"); script_name(english:"GLSA-200410-17 : OpenOffice.org: Temporary files disclosure"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200410-17 (OpenOffice.org: Temporary files disclosure) On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory. Impact : A malicious local user could obtain the temporary files and thus read documents belonging to other users. Workaround : There is no known workaround at this time." ); # http://www.openoffice.org/issues/show_bug.cgi?id=33357 script_set_attribute( attribute:"see_also", value:"https://bz.apache.org/ooo/show_bug.cgi?id=33357" ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200410-17" ); script_set_attribute( attribute:"solution", value: "All affected OpenOffice.org users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-office/openoffice-1.1.3' # emerge '>=app-office/openoffice-1.1.3' All affected OpenOffice.org binary users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-office/openoffice-bin-1.1.3' # emerge '>=app-office/openoffice-bin-1.1.3' All affected OpenOffice.org Ximian users should upgrade to the latest version: # emerge sync # emerge -pv '>=app-office/openoffice-ximian-1.3.4' # emerge '>=app-office/openoffice-1.3.4'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-bin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:openoffice-ximian"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2004/10/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/10/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"app-office/openoffice-ximian", unaffected:make_list("lt 1.1.60", "ge 1.3.4"), vulnerable:make_list("eq 1.1.60", "eq 1.1.61"))) flag++; if (qpkg_check(package:"app-office/openoffice-bin", unaffected:make_list("lt 1.1.2", "ge 1.1.3"), vulnerable:make_list("eq 1.1.2"))) flag++; if (qpkg_check(package:"app-office/openoffice", unaffected:make_list("lt 1.1.2", "ge 1.1.3"), vulnerable:make_list("eq 1.1.2"))) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get()); else security_note(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenOffice.org"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C62DC69F05C811D9B45D000C41E2CDAD.NASL description OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was inaccessible. last seen 2020-06-01 modified 2020-06-02 plugin id 36459 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36459 title FreeBSD : openoffice -- document disclosure (c62dc69f-05c8-11d9-b45d-000c41e2cdad) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(36459); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:36"); script_cve_id("CVE-2004-0752"); script_name(english:"FreeBSD : openoffice -- document disclosure (c62dc69f-05c8-11d9-b45d-000c41e2cdad)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was inaccessible." ); # http://www.openoffice.org/issues/show_bug.cgi?id=33357 script_set_attribute( attribute:"see_also", value:"https://bz.apache.org/ooo/show_bug.cgi?id=33357" ); # http://securitytracker.com/alerts/2004/Sep/1011205.html script_set_attribute( attribute:"see_also", value:"https://securitytracker.com/id/1011205" ); # http://marc.theaimsgroup.com/?l=bugtraq&m=109483308421566 script_set_attribute( attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=109483308421566" ); # https://vuxml.freebsd.org/freebsd/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?873284f6" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ar-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ca-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:cs-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:de-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:dk-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:el-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:es-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:et-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:fi-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:fr-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gr-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:hu-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:it-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ja-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ko-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:nl-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pl-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pt-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:pt_BR-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:ru-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:se-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sk-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:sl-openoffice-SI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:tr-openoffice"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zh-openoffice-CN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:zh-openoffice-TW"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2004/08/24"); script_set_attribute(attribute:"patch_publication_date", value:"2004/09/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"ar-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ar-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"ca-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ca-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"cs-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"cs-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"de-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"de-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"dk-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"dk-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"el-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"el-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"es-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"es-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"et-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"et-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"fi-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"fi-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"fr-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"fr-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"gr-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"gr-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"hu-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"hu-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"it-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"it-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"ja-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ja-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"ko-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ko-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"nl-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"nl-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"pl-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"pl-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"pt-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"pt-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"pt_BR-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"pt_BR-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"ru-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"ru-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"se-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"se-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"sk-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"sk-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"sl-openoffice-SI<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"sl-openoffice-SI>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"tr-openoffice<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"tr-openoffice>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"zh-openoffice-CN<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"zh-openoffice-CN>=2.0")) flag++; if (pkg_test(save_report:TRUE, pkg:"zh-openoffice-TW<1.1.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"zh-openoffice-TW>=2.0")) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get()); else security_note(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family FreeBSD Local Security Checks NASL id FREEBSD_OPENOFFICE_112_1.NASL description The following package needs to be updated: ar-openoffice last seen 2016-09-26 modified 2004-09-16 plugin id 14759 published 2004-09-16 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14759 title FreeBSD : openoffice -- document disclosure (131) code #%NASL_MIN_LEVEL 999999 # @DEPRECATED@ # # This script has been deprecated by freebsd_pkg_c62dc69f05c811d9b45d000c41e2cdad.nasl. # # Disabled on 2011/10/02. # # # (C) Tenable Network Security, Inc. # # This script contains information extracted from VuXML : # # Copyright 2003-2006 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # # # include('compat.inc'); if ( description ) { script_id(14759); script_version("1.10"); script_cve_id("CVE-2004-0752"); script_name(english:"FreeBSD : openoffice -- document disclosure (131)"); script_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update'); script_set_attribute(attribute:'description', value:'The following package needs to be updated: ar-openoffice'); script_set_attribute(attribute: 'cvss_vector', value: 'CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N'); script_set_attribute(attribute:'solution', value: 'Update the package on the remote host'); script_set_attribute(attribute: 'see_also', value: 'http://mozillanews.org/?article_date=2004-12-08+06-48-46 http://secunia.com/advisories/13129/ http://secunia.com/advisories/13254/ http://secunia.com/multiple_browsers_window_injection_vulnerability_test/ http://securitytracker.com/alerts/2004/Sep/1011205.html http://www.mozilla.org/security/announce/2006/mfsa2006-09.html http://www.mozilla.org/security/announce/2006/mfsa2006-10.html http://www.mozilla.org/security/announce/2006/mfsa2006-11.html http://www.mozilla.org/security/announce/2006/mfsa2006-12.html http://www.mozilla.org/security/announce/2006/mfsa2006-13.html http://www.mozilla.org/security/announce/2006/mfsa2006-14.html http://www.mozilla.org/security/announce/2006/mfsa2006-15.html http://www.mozilla.org/security/announce/2006/mfsa2006-16.html http://www.mozilla.org/security/announce/2006/mfsa2006-17.html http://www.openoffice.org/issues/show_bug.cgi?id=33357 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 http://www.rs-labs.com/adv/RS-Labs-Advisory-2004-2.txt https://bugzilla.mozilla.org/show_bug.cgi?id=103638 https://bugzilla.mozilla.org/show_bug.cgi?id=273699'); script_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/c62dc69f-05c8-11d9-b45d-000c41e2cdad.html'); script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/16"); script_end_attributes(); script_summary(english:"Check for ar-openoffice"); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); family["english"] = "FreeBSD Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/FreeBSD/pkg_info"); exit(0); } # Deprecated. exit(0, "This plugin has been deprecated. Refer to plugin #36459 (freebsd_pkg_c62dc69f05c811d9b45d000c41e2cdad.nasl) instead."); global_var cvss_score; cvss_score=2; include('freebsd_package.inc'); pkg_test(pkg:"openoffice<1.1.2_1"); pkg_test(pkg:"ar-openoffice<1.1.2_1"); pkg_test(pkg:"ca-openoffice<1.1.2_1"); pkg_test(pkg:"cs-openoffice<1.1.2_1"); pkg_test(pkg:"de-openoffice<1.1.2_1"); pkg_test(pkg:"dk-openoffice<1.1.2_1"); pkg_test(pkg:"el-openoffice<1.1.2_1"); pkg_test(pkg:"es-openoffice<1.1.2_1"); pkg_test(pkg:"et-openoffice<1.1.2_1"); pkg_test(pkg:"fi-openoffice<1.1.2_1"); pkg_test(pkg:"fr-openoffice<1.1.2_1"); pkg_test(pkg:"gr-openoffice<1.1.2_1"); pkg_test(pkg:"hu-openoffice<1.1.2_1"); pkg_test(pkg:"it-openoffice<1.1.2_1"); pkg_test(pkg:"ja-openoffice<1.1.2_1"); pkg_test(pkg:"ko-openoffice<1.1.2_1"); pkg_test(pkg:"nl-openoffice<1.1.2_1"); pkg_test(pkg:"pl-openoffice<1.1.2_1"); pkg_test(pkg:"pt-openoffice<1.1.2_1"); pkg_test(pkg:"pt_BR-openoffice<1.1.2_1"); pkg_test(pkg:"ru-openoffice<1.1.2_1"); pkg_test(pkg:"se-openoffice<1.1.2_1"); pkg_test(pkg:"sk-openoffice<1.1.2_1"); pkg_test(pkg:"sl-openoffice-SI<1.1.2_1"); pkg_test(pkg:"tr-openoffice<1.1.2_1"); pkg_test(pkg:"zh-openoffice-CN<1.1.2_1"); pkg_test(pkg:"zh-openoffice-TW<1.1.2_1");NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-103.NASL description A vulnerability in OpenOffice.org was reported by pmladek where a local user may be able to obtain and read documents that belong to another user. The way that OpenOffice.org created temporary files, which used the user last seen 2020-06-01 modified 2020-06-02 plugin id 14840 published 2004-09-28 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14840 title Mandrake Linux Security Advisory : OpenOffice.org (MDKSA-2004:103)
Oval
| accepted | 2013-04-29T04:04:22.749-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:10294 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users. | ||||||||
| version | 26 |
Redhat
| advisories |
| ||||
| rpms |
|
References
- http://marc.info/?l=bugtraq&m=109483308421566&w=2
- http://marc.info/?l=bugtraq&m=109483308421566&w=2
- http://secunia.com/advisories/12302/
- http://secunia.com/advisories/12302/
- http://secunia.com/advisories/12546/
- http://secunia.com/advisories/12546/
- http://secunia.com/advisories/12668/
- http://secunia.com/advisories/12668/
- http://secunia.com/advisories/12914/
- http://secunia.com/advisories/12914/
- http://secunia.com/advisories/12932/
- http://secunia.com/advisories/12932/
- http://securitytracker.com/id?1011205
- http://securitytracker.com/id?1011205
- http://www.openoffice.org/issues/show_bug.cgi?id=33357
- http://www.openoffice.org/issues/show_bug.cgi?id=33357
- http://www.osvdb.org/9804
- http://www.osvdb.org/9804
- http://www.redhat.com/support/errata/RHSA-2004-446.html
- http://www.redhat.com/support/errata/RHSA-2004-446.html
- http://www.securityfocus.com/bid/11151
- http://www.securityfocus.com/bid/11151
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17312
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294