Vulnerability support

Vulnerability support service
Analysis, notification and tracking of the most critical vulnerabilities, particularly those affecting the technologies used in the public sector. CCN-CERT will collect and classify new vulnerabilities and, for those whose criticality warrants it, analyse them theoretically and, where possible, in the laboratory.

Informative documents, or "abstracts", will be produced for these vulnerabilities, and the evolution of each vulnerability on the Internet will be tracked, alerting organisations to changes in criticality, the release of patches, new recommendations, evidence of active exploitation, etc.

To subscribe to this service or to receive more information, write to: soporte_acreditacion@ccn.cni.es

Abstracts:


Vulnerability Bulletins


Insecure use of temporary files in OpenOffice and StarOffice

Vulnerability classification

Property Value
Confidence level Official
Impact Integrity
Difficulty Advanced
Required attacker level Remote access with account

System information

Property Value
Affected manufacturer GNU/Linux
Affected software OpenOffice 1.1.2
StarOffice 7

Description

A vulnerability has been discovered in version 1.1.2 of OpenOffice and version 7 of StarOffice. It lies in the insecure use of temporary files: both OpenOffice and StarOffice create a temporary directory ("/tmp/sv.tmp") with world-readable permissions, in which a compressed version of each file being saved is stored.

Exploiting this vulnerability could allow a local attacker to obtain the files that other users save.
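The following C sketch is an added example, not code from OpenOffice, StarOffice or the vendor patches. It shows the defensive counterpart of the flaw described above: creating the scratch directory with mkdtemp() so it is private to its owner, plus an audit check for directories that other accounts can read. The function names and the "sv-example" prefix are hypothetical.

```c
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a scratch directory with an unpredictable name. mkdtemp() creates
 * it atomically with mode 0700, so other local accounts can never list or
 * read the copies stored inside. Returns 0 and fills `out` on success. */
int make_private_tmpdir(char *out, size_t outlen)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL || base[0] == '\0')
        base = "/tmp";
    /* "sv-example" is a constructed prefix used only for this example. */
    int n = snprintf(out, outlen, "%s/sv-example.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkdtemp(out) != NULL ? 0 : -1;
}

/* Audit check: 1 if the path is exposed (not a real directory, owned by
 * another user, or any group/other permission bit set), 0 if it is
 * private to the caller, -1 if it cannot be examined. */
int tmpdir_is_exposed(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)      /* lstat: do not follow symlinks */
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid())
        return 1;
    return (st.st_mode & (S_IRWXG | S_IRWXO)) ? 1 : 0;
}

int main(void)
{
    char dir[4096];
    if (make_private_tmpdir(dir, sizeof dir) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("%s exposed=%d\n", dir, tmpdir_is_exposed(dir));
    /* World-readable mode, the condition the advisory describes. */
    if (chmod(dir, 0755) == 0)
        printf("after chmod 0755 exposed=%d\n", tmpdir_is_exposed(dir));
    return rmdir(dir) != 0;
}
```

The same check can be pointed at an existing temporary directory on a multi-user host to confirm whether the fixed packages are in effect.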

Solution



Software update

StarOffice

StarOffice Product Update 3
Solaris x86
http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&type=collections&max=50&language=en&queryKey5=117073&toDocument=yes
Solaris
http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&type=collections&max=50&language=en&queryKey5=116519&toDocument=yes
Linux
http://sunsolve.sun.com/search/advsearch.do?collection=PATCH&type=collections&max=50&language=en&queryKey5=116518&toDocument=yes

OpenOffice
Patch available via CVS
http://www.openoffice.org

Red Hat Linux (OpenOffice)

Red Hat Desktop (v. 3)
SRPMS
openoffice.org-1.1.0-16.14.EL.src.rpm
i386
openoffice.org-1.1.0-16.14.EL.i386.rpm
openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux AS (v. 3)
SRPMS
openoffice.org-1.1.0-16.14.EL.src.rpm
i386
openoffice.org-1.1.0-16.14.EL.i386.rpm
openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux ES (v. 3)
SRPMS
openoffice.org-1.1.0-16.14.EL.src.rpm
i386
openoffice.org-1.1.0-16.14.EL.i386.rpm
openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
https://rhn.redhat.com/

Red Hat Enterprise Linux WS (v. 3)
SRPMS
openoffice.org-1.1.0-16.14.EL.src.rpm
i386
openoffice.org-1.1.0-16.14.EL.i386.rpm
openoffice.org-i18n-1.1.0-16.14.EL.i386.rpm
openoffice.org-libs-1.1.0-16.14.EL.i386.rpm
https://rhn.redhat.com/

Mandrake Linux (OpenOffice)

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-cs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-de-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-en-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-es-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-eu-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-fi-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-fr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-it-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-ja-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-ko-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-nl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-ru-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-sk-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-sv-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-zh_CN-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-help-zh_TW-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-da-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-de-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-el-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-en-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-es-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-et-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-it-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/OpenOffice.org-libs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/OpenOffice.org-1.1.2-8.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-cs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-de-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-en-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-es-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-eu-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-fi-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-fr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-it-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-ja-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-ko-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-nl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-ru-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-sk-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-sv-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-zh_CN-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-help-zh_TW-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-ar-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-ca-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-cs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-da-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-de-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-el-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-en-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-es-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-et-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-eu-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-fi-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-fr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-it-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-ja-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-ko-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-nb-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-nl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-nn-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-pl-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-pt-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-pt_BR-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-ru-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-sk-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-sv-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-tr-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-zh_CN-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-l10n-zh_TW-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/OpenOffice.org-libs-1.1.2-8.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/OpenOffice.org-1.1.2-8.100mdk.src.rpm

Standard resources

Property Value
CVE CAN-2004-0752
BID 11151

Other resources

OpenOffice Issue 33357
http://www.openoffice.org/issues/show_bug.cgi?id=33357

Secunia Research 13/09/2004
http://secunia.com/secunia_research/2004-5/advisory/

Red Hat Security Advisory RHSA-2004:446-08
https://rhn.redhat.com/errata/RHSA-2004-446.html

Mandrakesoft Security Advisory MDKSA-2004:103
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:103

Version history

Version Comments Date
1.0 Advisory issued 2004-09-13
1.1 Advisory issued by Red Hat (RHSA-2004:446-08) 2004-09-16
1.2 Advisory issued by Mandrake (MDKSA-2004:103) 2004-09-28