Secunia Research reported an issue with the handling of temporary files. A malicious local user could use this flaw to access the contents of another user's open documents. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0752 to this issue.

See:
https://rhn.redhat.com/errata/RHSA-2004-446.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0752
http://marc.theaimsgroup.com/?l=bugtraq&m=109483308421566&w=2
http://www.openoffice.org/issues/show_bug.cgi?id=33357

------- Additional Comments From marcdeslauriers 2004-09-18 16:24:33 ----

Here are updated packages to QA for rh9:

Changelog:
* Fri Sep 17 2004 Marc Deslauriers <marcdeslauriers> 1.0.2-11.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data)

81fa353dccdf3572f5ad42ded42debd95b69fc3f openoffice-1.0.2-11.1.legacy.i386.rpm
598a8ccc4edc9390146c32856e530f17e9c96909 openoffice-1.0.2-11.1.legacy.src.rpm
e397380da32d18ae944eadaab1c686ea05f80fe8 openoffice-i18n-1.0.2-11.1.legacy.i386.rpm
6bb323563a245b340b0686a82d24ae8f55edfc55 openoffice-libs-1.0.2-11.1.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-1.0.2-11.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-1.0.2-11.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-i18n-1.0.2-11.1.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/9/openoffice-libs-1.0.2-11.1.legacy.i386.rpm

------- Additional Comments From rob.myers.edu 2004-09-24 10:12:37 ----

Here are updated packages to QA for FC1:

Changelog:
* Thu Sep 23 2004 Rob Myers <rob.myers.edu> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH #130132) with patch from 1.1.0-16.14.EL
- fix "Freetype creeps in somehow", could probably be removed (spec typo)

8eb50f6168807d16e328517702934ff68260a570 openoffice.org-1.1.0-16.1.legacy.src.rpm
abf074fb2b01922afa1ef4263c59590dcad3a2a9 openoffice.org-1.1.0-16.1.legacy.i386.rpm
51bbb142da17893569f88e567d1466f02e7d6bce openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
db7204d897058abf76d3df2aa8047edadd74ca0a openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
026ba6809b4a155978d219311c79540088d910e1 openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm

http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm

------- Additional Comments From dom 2004-10-02 14:11:40 ----

This package also fixes CAN-2004-0179

------- Additional Comments From dom 2004-10-02 14:13:43 ----

Correction to above; that was fixed in an office redhat 9 release. Apologies.

------- Additional Comments From rob.myers.edu 2004-10-08 10:13:53 ----

reposting, due to bad sha1sums. i think i did sha1sums _before_ i gpg signed. thanks josh for pointing this out.

Here are updated packages to QA for FC1:

Changelog:
* Thu Sep 23 2004 Rob Myers <rob.myers.edu> 1.1.0-16.1.legacy
- Fix CAN-2004-0752 (tempfile permissions allow everyone to read data) (RH #130132) with patch from 1.1.0-16.14.EL
- fix "Freetype creeps in somehow", could probably be removed (spec typo)

CORRECTED sha1sums:
7bd527da78e69414dda34c0c0f04492e68df1a32 openoffice.org-1.1.0-16.1.legacy.i386.rpm
4247f1279117abccc61cbcb209c0e3cfd03c017a openoffice.org-1.1.0-16.1.legacy.src.rpm
258538dd2f632081cc11abe1c8415a067c27adf1 openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
d60f9b2d52b705c4d05e8ab52330a0f25a946c12 openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
a116ccfcc6ee0c36832addd0e2e4b86ffa878669 openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm

http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.src.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-debuginfo-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-i18n-1.1.0-16.1.legacy.i386.rpm
http://www.stl.gtri.gatech.edu/rmyers/fedoralegacy/openoffice.org-libs-1.1.0-16.1.legacy.i386.rpm

------- Additional Comments From josh.kayse.edu 2004-10-08 10:41:01 ----

I did a QA on the FC1 package:

4247f1279117abccc61cbcb209c0e3cfd03c017a openoffice.org-1.1.0-16.1.legacy.src.rpm

- source identical to previous
- patch looks ok
- builds clean
- installs clean
- runs good
- spec file looks good

------- Additional Comments From pekkas 2004-12-15 21:18:50 ----

Verified the RHL9 SRPM with rpm-build-compare.sh:
- original sources and patches OK
- spec file changes minimal and OK
- the tempfile patch identical to RHEL3, OK
- building, installing, testing not verified

+PUBLISH (RHL9)

598a8ccc4edc9390146c32856e530f17e9c96909 openoffice-1.0.2-11.1.legacy.src.rpm

------- Additional Comments From pekkas 2005-02-21 09:08:39 ----

Reminder -- this has been in the "Packages waiting to be built for updates-testing" pile for quite some time now..

------- Additional Comments From dom 2005-03-06 13:55:26 ----

Created an attachment (id=1003)
Excerpt from failed build for rh9

Sorry about the delay on this; I haven't been able to work out why this and the fc1 build are failing. Ideas?

------- Additional Comments From dom 2005-03-06 13:55:49 ----

Created an attachment (id=1004)
Excerpt from failed FC1 build

------- Additional Comments From marcdeslauriers 2005-03-06 14:35:05 ----

Hi Dom,

I think this:

jar: Command not found.

from the rpm.log is part of the problem. Try adding libgcj as a BuildRequires to get /usr/bin/jar and try once more.

------- Additional Comments From dom 2005-03-07 06:50:52 ----

Created an attachment (id=1005)
FC1 spec file

Hi Marc,

I'd already added that libgcj BuildRequires. (attached, for reference, is the fc1 spec file.)

------- Additional Comments From marcdeslauriers 2005-03-07 15:58:31 ----

This:

/usr/src/rpm/BUILD/oo_1.1_src/python/unxlngi4.pro/misc/build/Python-2.2.2/Modules/dbmmodule.c:24:2: #error "No ndbm.h available!"

is probably missing gdbm-devel.

This:

/usr/src/rpm/BUILD/oo_1.1_src/python/unxlngi4.pro/misc/build/Python-2.2.2/Modules/_cursesmodule.c:141: error: `FALSE' undeclared here (not in a function)

is probably missing ncurses-devel.

This:

../../unxlngi4.pro/inc/com/sun/star/registry/XRegistryKey.hpp:398: internal compiler error: Bus error

looks really bad and I haven't got a clue.

Marc.

------- Bug moved to this database by dkl 2005-03-30 18:27 -------

This bug previously known as bug 2074 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2074
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
Excerpt from failed build for rh9
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1003
Excerpt from failed FC1 build
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1004
FC1 spec file
https://bugzilla.fedora.us/attachment.cgi?action=view&id=1005

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.

Notes on build logs:

rh9: mksvconf _needs_ to segfault, it checks various runtime things like variable size and whatnot. At at least one point, it intentionally segfaults and deals with that in the signal handler. So it seems like a gcc/glibc issue more than a problem with mksvconf.

fc1: need more of the buildlog, the error actually happened much earlier and since it was a parallel build, it kept building past the failure point to get as much as possible built. We disabled parallel builds in the specfile eventually because the dependency checking was quite fragile and often broke like this. But it may also be a legitimate code bug too.

Please see Bug #154988 for FC1 packages that fix this bug (CAN-2004-0752) and CAN-2005-0941. I took the 16.1.legacy SRPM from Rob Myers on 2004-10-08, which contains the tempfile vuln fix for this bug, and added the CAN-2005-0941 fix from the FC2 and FC3 packages.

Please see the following bugs which obsolete this one:

RH9: Bug 154989
FC1: Bug 154988

These bugs include the fix for CAN-2005-0941 as well as this one, CAN-2004-0752.
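
The class of flaw tracked in this bug as CAN-2004-0752, temporary files whose permissions let other local users read them, can be shown in a few lines of C. This is an added example, not code from OpenOffice.org or from the patch in these packages; the file names under /tmp and the 022 umask are assumptions.

```c
/* Added illustration only; this is not OpenOffice.org source code. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: mode 0666 filtered by a common umask of 022 yields 0644. */
static int create_weak(const char *path) {
    mode_t old = umask(022);   /* assumed default umask */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0666);
    umask(old);
    return fd;
}

/* Hardened: mkstemp() picks an unpredictable name and creates it 0600. */
static int create_private(char *tmpl) {
    mode_t old = umask(077);   /* covers old libcs that used 0666 */
    int fd = mkstemp(tmpl);
    umask(old);
    return fd;
}

/* 1 if group or other may read the open file, 0 if not, -1 on error. */
static int readable_by_others(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}

/* Creates one file each way and returns weak*2 + private (2 expected). */
int demo(void) {
    char weak[64], priv[] = "/tmp/doc_private_XXXXXX";
    int result = -1;
    snprintf(weak, sizeof weak, "/tmp/doc_weak_%ld.tmp", (long)getpid());
    int wfd = create_weak(weak), pfd = create_private(priv);
    if (wfd >= 0 && pfd >= 0)
        result = readable_by_others(wfd) * 2 + readable_by_others(pfd);
    if (wfd >= 0) { close(wfd); unlink(weak); }
    if (pfd >= 0) { close(pfd); unlink(priv); }
    return result;
}

int main(void) {
    printf("exposure code: %d\n", demo());
    return 0;
}
```

The same `readable_by_others()` check can be pointed at a file created by a patched build to confirm that its mode no longer includes group or other read bits.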