Red Hat Bugzilla – Bug 130131
CAN-2004-0752 openoffice.org temporary file information leakage.
Last modified: 2007-11-30 17:10:47 EST
Secunia Research has discovered a vulnerability in the OpenOffice
implementation on Fedora Core 1 and Fedora Core 2, which potentially can
be exploited by malicious, local users to gain knowledge of sensitive
Default installs create temporary OpenOffice documents with insecure
permissions ("664" or "644" depending on the user's umask) in the "/tmp"
(The temporary folders and files are always named "sv???.tmp").
Successful exploitation allows an unprivileged user to read arbitrary
users' currently open documents.
It looks like FC1 isn't affected by this issue.
This issue will be CAN-2004-0752
Embargo moved to Sep 8th 1300BST
This issue is now public
Josh, test with 1.1.2-5 in rawhide. I may be able to do this early
Fixed in updated 1.1.2-10.fc2 in fc2-updates