Bug 152784 - CAN-2004-0752 - openoffice.org temp file handling bug
Status: CLOSED ERRATA
Product: Fedora Legacy
Classification: Retired
Component: openoffice
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Dominic Hargreaves
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: 1, LEGACY, rh90, needsbuild
Keywords: Security
Reported: 2004-09-15 15:32 EDT by Marc Deslauriers
Modified: 2007-04-18 13:22 EDT
Doc Type: Bug Fix
Last Closed: 2005-04-17 10:39:14 EDT

Description David Lawrence 2005-03-30 18:27:21 EST
Secunia Research reported an issue with the handling of temporary files. A
malicious local user could use this flaw to access the contents of another
user's open documents. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0752 to this issue.

See:
https://rhn.redhat.com/errata/RHSA-2004-446.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752
http://marc.theaimsgroup.com/?l=bugtraq&m=109483308421566&w=2
http://www.openoffice.org/issues/show_bug.cgi?id=33357
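
The class of flaw described above (temporary files whose permissions let other local users read them), shown as an added example that is not part of the original report and is not the OpenOffice.org patch. It creates one temp file with a umask-dependent mode and one with mkstemp() pinned to 0600, then checks each for group/other read bits. The function names, file names, scratch directory and the 022 umask are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if group or other may read the file, 0 if owner-only, -1 on error. */
static int others_can_read(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}

/* Weak: requested mode 0666 is narrowed only by the umask (022 assumed). */
static int create_tmp_weak(const char *path) {
    mode_t old = umask(022);
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0666);
    umask(old);
    return fd;
}

/* Hardened: mkstemp() picks the name; fchmod() pins the mode to 0600. */
static int create_tmp_private(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd >= 0 && fchmod(fd, S_IRUSR | S_IWUSR) != 0) { close(fd); unlink(tmpl); fd = -1; }
    return fd;
}

/* Create one file of each kind in a scratch directory (names are assumed,
   illustrative only) and report whether other users could read each one.
   Returns 0 on success, -1 on error. */
static int demo(int *weak_readable, int *private_readable) {
    char dir[] = "/tmp/tmpperm-demo-XXXXXX", weak[64], priv[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(weak, sizeof weak, "%s/doc-weak.tmp", dir);
    snprintf(priv, sizeof priv, "%s/doc-XXXXXX", dir);
    int fd1 = create_tmp_weak(weak), fd2 = create_tmp_private(priv);
    if (fd1 >= 0) { *weak_readable = others_can_read(weak); close(fd1); unlink(weak); }
    if (fd2 >= 0) { *private_readable = others_can_read(priv); close(fd2); unlink(priv); }
    rmdir(dir);
    return (fd1 >= 0 && fd2 >= 0) ? 0 : -1;
}

int main(void) {
    int w = -1, p = -1;
    if (demo(&w, &p) != 0) return 1;
    printf("weak readable by others: %d, private: %d\n", w, p);
    return 0;
}
```

The same `others_can_read()` check can be pointed at an application's real temp files when verifying that an updated package behaves as intended.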



------- Additional Comments From marcdeslauriers@videotron.ca 2004-09-18 16:24:33 ----


Here are updated packages to QA for rh9:

Changelog:
* Fri Sep 17 2004 Marc Deslauriers <marcdeslauriers@videotron.ca> 1.0.2-11.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)

81fa353dccdf3572f5ad42ded42debd95b69fc3f  openoffice-1.0.2-11.1.legacy.i386.rpm
598a8ccc4edc9390146c32856e530f17e9c96909  openoffice-1.0.2-11.1.legacy.src.rpm
e397380da32d18ae944eadaab1c686ea05f80fe8  openoffice-i18n-1.0.2-11.1.legacy.i386.rpm
6bb323563a245b340b0686a82d24ae8f55edfc55  openoffice-libs-1.0.2-11.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-1.0.2-11.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-1.0.2-11.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-i18n-1.0.2-11.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-libs-1.0.2-11.1.legacy.i386.rpm





------- Additional Comments From rob.myers@gtri.gatech.edu 2004-09-24 10:12:37 ----

 
Here are updated packages to QA for FC1:
 
Changelog:
* Thu Sep 23 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH
  #130132) with patch from 1.1.0-16.14.EL
- fix "Freetype creeps in somehow", could probably be removed (spec typo)
 
8eb50f6168807d16e328517702934ff68260a570  openoffice.org-1.1.0-16.1.legacy.src.rpm
abf074fb2b01922afa1ef4263c59590dcad3a2a9  openoffice.org-1.1.0-16.1.legacy.i386.rpm
51bbb142da17893569f88e567d1466f02e7d6bce  openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
db7204d897058abf76d3df2aa8047edadd74ca0a  openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
026ba6809b4a155978d219311c79540088d910e1  openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm
 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm
 




------- Additional Comments From dom@earth.li 2004-10-02 14:11:40 ----

This package also fixes CAN-2004-0179



------- Additional Comments From dom@earth.li 2004-10-02 14:13:43 ----

Correction to above; that was fixed in an office redhat 9 release. Apologies.



------- Additional Comments From rob.myers@gtri.gatech.edu 2004-10-08 10:13:53 ----

 
reposting, due to bad sha1sums.  i think i did sha1sums _before_ i gpg signed.
 
thanks josh for pointing this out.
 
Here are updated packages to QA for FC1:
 
Changelog:
* Thu Sep 23 2004 Rob Myers <rob.myers@gtri.gatech.edu> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH
  #130132) with patch from 1.1.0-16.14.EL
- fix "Freetype creeps in somehow", could probably be removed (spec typo)
 
CORRECTED sha1sums:
7bd527da78e69414dda34c0c0f04492e68df1a32  openoffice.org-1.1.0-16.1.legacy.i386.rpm
4247f1279117abccc61cbcb209c0e3cfd03c017a  openoffice.org-1.1.0-16.1.legacy.src.rpm
258538dd2f632081cc11abe1c8415a067c27adf1  openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
d60f9b2d52b705c4d05e8ab52330a0f25a946c12  openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
a116ccfcc6ee0c36832addd0e2e4b86ffa878669  openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm
 
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm




------- Additional Comments From josh.kayse@gtri.gatech.edu 2004-10-08 10:41:01 ----


I did a QA on the FC1 package:

4247f1279117abccc61cbcb209c0e3cfd03c017a  openoffice.org-1.1.0-16.1.legacy.src.rpm

- source identical to previous
- patch looks ok
- builds clean
- installs clean
- runs good
- spec file looks good




------- Additional Comments From pekkas@netcore.fi 2004-12-15 21:18:50 ----

 
Verified the RHL9 SRPM with rpm-build-compare.sh:
 - original sources and patches OK
 - spec file changes minimal and OK
 - the tempfile patch identical to RHEL3, OK
 - building, installing, testing not verified
 
+PUBLISH (RHL9)
 
598a8ccc4edc9390146c32856e530f17e9c96909  openoffice-1.0.2-11.1.legacy.src.rpm




------- Additional Comments From pekkas@netcore.fi 2005-02-21 09:08:39 ----

Reminder -- this has been in the "Packages waiting to be built for
updates-testing" pile for quite some time now..



------- Additional Comments From dom@earth.li 2005-03-06 13:55:26 ----

Created an attachment (id=1003)
Excerpt from failed build for rh9

Sorry about the delay on this; I haven't been able to work out why this and the fc1
build are failing. Ideas?



------- Additional Comments From dom@earth.li 2005-03-06 13:55:49 ----

Created an attachment (id=1004)
Excerpt from failed FC1 build




------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-06 14:35:05 ----

Hi Dom,

I think this:
jar: Command not found.

from the rpm.log is part of the problem.

Try adding libgcj as a BuildRequires to get /usr/bin/jar and try once more.



------- Additional Comments From dom@earth.li 2005-03-07 06:50:52 ----

Created an attachment (id=1005)
FC1 spec file

Hi Marc,

I'd already added that libgcj BuildRequires. (attached, for reference, is the
fc1 spec file.)



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-07 15:58:31 ----

This:

/usr/src/rpm/BUILD/oo_1.1_src/python/unxlngi4.pro/misc/build/Python-2.2.2/Modules/dbmmodule.c:24:2:
#error "No ndbm.h available!"

is probably missing gdbm-devel.

This:

/usr/src/rpm/BUILD/oo_1.1_src/python/unxlngi4.pro/misc/build/Python-2.2.2/Modules/_cursesmodule.c:141:
error: `FALSE' undeclared here (not in a function)

is probably missing ncurses-devel.

This:

../../unxlngi4.pro/inc/com/sun/star/registry/XRegistryKey.hpp:398: internal
compiler error: Bus error

looks really bad and I haven't got a clue.

Marc.






------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:27 -------

This bug previously known as bug 2074 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2074
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
Excerpt from failed build for rh9
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1003
Excerpt from failed FC1 build
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1004
FC1 spec file
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1005

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Dan Williams 2005-04-14 12:43:12 EDT
Notes on build logs:

rh9: mksvconf _needs_ to segfault, it checks various runtime things like
variable size and whatnot.  At at least one point, it intentionally segfaults
and deals with that in the signal handler.  So it seems like a gcc/glibc issue
more than a problem with mksvconf.

fc1: need more of the buildlog, the error actually happened much earlier and
since it was a parallel build, it kept building past the failure point to get as
much as possible built.  We disabled parallel builds in the specfile eventually
because the dependency checking was quite fragile and often broke like this. 
But it may also be a legitimate code bug too.

Comment 2 Dan Williams 2005-04-15 09:36:45 EDT
Please see Bug #154988 for FC1 packages that fix this bug (CAN-2004-0752) and
CAN-2005-0941.  I took the 16.1.legacy SRPM from Rob Myers on 2004-10-08, which
contain the tempfile vuln fix for this bug, and added the CAN-2005-0941 fix from
the FC2 and FC3 packages.

Comment 3 Dan Williams 2005-04-17 10:39:14 EDT
Please see the following bugs which obsolete this one:

RH9: Bug 154989
FC1: Bug 154988

These bugs include the fix for CAN-2005-0941 as well as this one, CAN-2004-0752.
