StarOffice /tmp Directory Symbolic Link Vulnerability

StarOffice is a productivity package designed designed to offer advanced word processing and business applications. A vulnerability exists which can allow users to read and write to restricted files belonging to users who run StarOffice.

The problem occurs in use of the /tmp directory. When a user starts the StarOffice application, the application creates the /tmp/soffice.tmp directory with permissions set to 0777. The application has also been observed changing the permissions to 0777 during operation. It is possible for a malicious user to symbolically link the /tmp/soffice.tmp directory to a directory or file owned by a user of StarOffice, thereby changing the permissions of the linked file or directory to 0777. This can result in an elevation of privileges for the attacker.


Privacy Statement
Copyright 2010, SecurityFocus