Bugtraq mailing list archives

Re: StarOffice 5.2 Temporary Dir Vulnerability

From: "Igor Falcomata'" <igor () INFOSEC IT>
Date: Wed, 8 Nov 2000 11:35:45 +0100

On Wed, Nov 08, 2000 at 03:33:53PM +0800, Christian wrote:

Hi,

A while back I noticed that StarOffice 5.2 (running under Linux and
Solaris) creates a temporary directory under /tmp with the name
"soffice.tmp" with permissions 0777.  I figured there had to be some


a real quick workaround is to make (as root) a "fixed" /tmp/soffice.tmp 777
+t dir.

drwxrwxrwt    2 root     root         1024 Nov  9 11:39 soffice.tmp

Note that files created by SO in this dir are still readable (but not
writable) by other users, so change the $TMP var is probabily better.

bye
Koba

--

Igor Falcomata'
IT Security Manager & Consultant
Infosec srl - www.infosec.it
Network Security and Data Defense
 --
free advertising: www.openbsd.org - Multiplatform Ultra-secure OS

Current thread:

Re: StarOffice 5.2 Temporary Dir Vulnerability Kurt Seifried (Nov 09)
- Re: StarOffice 5.2 Temporary Dir Vulnerability Chmouel Boudjnah (Nov 10)
- <Possible follow-ups>
- Re: StarOffice 5.2 Temporary Dir Vulnerability Peter W (Nov 09)
- Re: StarOffice 5.2 Temporary Dir Vulnerability Igor Falcomata' (Nov 10)