GLSA-200410-17 : OpenOffice.org: Temporary files disclosure
Low Nessus Plugin ID 15526
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200410-17 (OpenOffice.org: Temporary files disclosure)
On start-up, OpenOffice.org 1.1.2 creates a temporary directory with insecure permissions. When a document is saved, a compressed copy of it can be found in that directory.
A malicious local user could obtain the temporary files and thus read documents belonging to other users.
There is no known workaround at this time.
SolutionAll affected OpenOffice.org users should upgrade to the latest version:
# emerge sync # emerge -pv '>=app-office/openoffice-1.1.3' # emerge '>=app-office/openoffice-1.1.3' All affected OpenOffice.org binary users should upgrade to the latest version:
# emerge sync # emerge -pv '>=app-office/openoffice-bin-1.1.3' # emerge '>=app-office/openoffice-bin-1.1.3' All affected OpenOffice.org Ximian users should upgrade to the latest version:
# emerge sync # emerge -pv '>=app-office/openoffice-ximian-1.3.4' # emerge '>=app-office/openoffice-1.3.4'