Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4937

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-4937
Last Modified 03 Jan 2013 12:00:00
Published 05 Nov 2008 10:00:14
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2008-4937

Summary

senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.

Vulnerable Systems

Application

  • Openoffice.org 2.4.1


References

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=235770

CONFIRM - https://bugs.gentoo.org/235824

XF - openoffice-senddoc-symlink(44829)

UBUNTU - USN-677-2

BID - 30925

MLIST - [oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

MANDRIVA - MDVSA-2009:070

MISC - http://uvw.ru/report.lenny.txt

GENTOO - GLSA-200812-13

SECUNIA - 33140

CONFIRM - http://dev.gentoo.org/~rbu/security/debiantemp/openoffice.org-common

CONFIRM - http://bugs.debian.org/496361

UBUNTU - USN-677-1

SECUNIA - 32856


Last Updated: 27 May 2016 10:49:46