StarOffice /tmp Directory Symbolic Link Vulnerability

StarOffice is a productivity package designed to offer advanced word processing and business applications. A vulnerability exists that can allow other local users to read and write restricted files belonging to users who run StarOffice.

The problem lies in how StarOffice uses the /tmp directory. When a user starts the StarOffice application, the application creates the /tmp/soffice.tmp directory with permissions set to 0777. The application has also been observed changing the permissions to 0777 during operation. It is possible for a malicious user to symbolically link the /tmp/soffice.tmp directory to a directory or file owned by a user of StarOffice, thereby changing the permissions of the linked file or directory to 0777. This can result in an elevation of privileges for the attacker.
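
The hardened counterpart of the behaviour described above, as an added example (not StarOffice code and not part of the original advisory): the working directory is created with 0700, a symbolic link at that name is refused, and permissions are set through the opened descriptor instead of the path. The names open_private_dir and demo are hypothetical, and the scenario in demo is constructed under a fresh mkdtemp() directory.

```c
#define _GNU_SOURCE 1 /* expose mkdtemp/O_NOFOLLOW under strict -std= modes */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not StarOffice code): open, creating if needed, a
 * private working directory. Returns a directory fd, or -1 on refusal. */
int open_private_dir(const char *path)
{
    struct stat st;
    /* Create with 0700 rather than 0777; EEXIST falls through to the checks. */
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW: fail if the final path component is a symbolic link. */
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    /* Check the object actually opened: a directory, ours, not writable by others. */
    if (fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0 ||
        fchmod(fd, 0700) != 0) {   /* fchmod acts on the fd, never on a path */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario under a fresh mkdtemp() base. planted=1: a symlink at
 * the working-directory name points at a 0700 victim directory; returns 1 if
 * the helper refuses it and the victim keeps 0700. planted=0: returns 1 if a
 * new working directory is created with mode 0700. */
int demo(int planted)
{
    char base[] = "/tmp/sodemoXXXXXX", victim[64], work[64];
    struct stat st;
    if (!mkdtemp(base)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(work, sizeof work, "%s/soffice.tmp", base);
    if (mkdir(victim, 0700) != 0) return -1;
    if (planted && symlink(victim, work) != 0) return -1;
    int fd = open_private_dir(work);
    if (fd >= 0) close(fd);
    if (stat(planted ? victim : work, &st) != 0) return -1;
    return (planted ? fd == -1 : fd >= 0) && (st.st_mode & 0777) == 0700;
}
```

O_NOFOLLOW only covers the final path component, and a fixed name in /tmp can still be created first by another user, which is why the ownership and mode checks run on the opened descriptor. Creating the directory with mkdtemp() avoids the predictable name altogether.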


