• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

OpenOffice/StarOffice Local File Disclosure Vulnerability

Solution:
This issue has been addressed in Product Update 3 for StarOffice 7 and a release candidate for OpenOffice 1.1.3. Please contact the vendor for further details.

RedHat has released an advisory (RHSA-2004:446-08) to address this issue in Red Hat Enterprise Linux. Please see the advisory in Web references for more information.

Mandrake Linux has made an advisory (MDKSA-2004:103) along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Gentoo has released an advisory (GLSA 200410-17) to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

OpenOffice.org users:
emerge sync
emerge -pv ">=app-office/openoffice-1.1.3"
emerge ">=app-office/openoffice-1.1.3"

OpenOffice.org binary users:
emerge sync
emerge -pv ">=app-office/openoffice-bin-1.1.3"
emerge ">=app-office/openoffice-bin-1.1.3"

OpenOffice.org Ximian users:
emerge sync
emerge -pv ">=app-office/openoffice-ximian-1.3.4"
emerge ">=app-office/openoffice-1.3.4"

The Fedora Legacy project has released advisory FLSA:154988 to address this issue in RedHat Linux 9, and Fedora Core 1 and 2. Please see the referenced advisory for further information.


OpenOffice OpenOffice 1.1.2

• Mandrake OpenOffice.org-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-cs-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-de-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-en-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-es-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-eu-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-fi-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-fr-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-it-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-ja-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-ko-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-nl-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-ru-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-sk-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-sv-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-zh_CN-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-help-zh_TW-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-ar-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-ca-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-cs-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-da-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-de-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-el-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-en-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-es-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-et-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-eu-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-fi-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-fr-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-it-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-ja-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-ko-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-nb-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-nl-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-nn-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-pl-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-pt-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-pt_BR-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-ru-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-sk-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-sv-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-tr-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-zh_CN-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-l10n-zh_TW-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake OpenOffice.org-libs-1.1.2-8.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php

Sun StarOffice 7.0

• Sun 116518-05
  http://sunsolve.sun.com/search/pdownload.pl?target=116518-05&method=f


• Sun 116519-05
  http://sunsolve.sun.com/search/pdownload.pl?target=116519-05&method=f


• Sun 117073-03
  http://sunsolve.sun.com/search/pdownload.pl?target=117073-03&method=f