CVE-2004-0752 - OpenCVE

OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Openoffice	Openoffice

Configuration 1 [-]

cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=109483308421566&w=2
http://secunia.com/advisories/12302/
http://secunia.com/advisories/12546/
http://secunia.com/advisories/12668/
http://secunia.com/advisories/12914/
http://secunia.com/advisories/12932/
http://securitytracker.com/id?1011205	Patch Vendor Advisory
http://www.openoffice.org/issues/show_bug.cgi?id=33357	Exploit Patch Vendor Advisory
http://www.osvdb.org/9804
http://www.redhat.com/support/errata/RHSA-2004-446.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/11151
https://exchange.xforce.ibmcloud.com/vulnerabilities/17312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-14T04:00:00

Updated: 2017-10-10T00:57:01

Reserved: 2004-07-26T00:00:00

Link: CVE-2004-0752

JSON object: View

NVD Information

Status : Modified

Published: 2004-10-20T04:00:00.000

Modified: 2017-10-11T01:29:32.107

Link: CVE-2004-0752

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-09-10T00:00:00", "descriptions": [{"lang": "en", "value": "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "11151", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/11151"}, {"name": "12302", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12302/"}, {"name": "9804", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/9804"}, {"name": "12546", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12546/"}, {"name": "RHSA-2004:446", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2004-446.html"}, {"name": "12668", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12668/"}, {"name": "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=109483308421566&w=2"}, {"name": "oval:org.mitre.oval:def:10294", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openoffice.org/issues/show_bug.cgi?id=33357"}, {"name": "12914", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12914/"}, {"name": "12932", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12932/"}, {"name": "openofficeorg-tmpfile-insecure-permissions(17312)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312"}, {"name": "1011205", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011205"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0752", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "11151", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11151"}, {"name": "12302", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12302/"}, {"name": "9804", "refsource": "OSVDB", "url": "http://www.osvdb.org/9804"}, {"name": "12546", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12546/"}, {"name": "RHSA-2004:446", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-446.html"}, {"name": "12668", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12668/"}, {"name": "20040910 OpenOffice World-Readable Temporary Files Disclose Files to Local Users", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=109483308421566&w=2"}, {"name": "oval:org.mitre.oval:def:10294", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294"}, {"name": "http://www.openoffice.org/issues/show_bug.cgi?id=33357", "refsource": "CONFIRM", "url": "http://www.openoffice.org/issues/show_bug.cgi?id=33357"}, {"name": "12914", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12914/"}, {"name": "12932", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12932/"}, {"name": "openofficeorg-tmpfile-insecure-permissions(17312)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312"}, {"name": "1011205", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011205"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0752", "datePublished": "2004-09-14T04:00:00", "dateReserved": "2004-07-26T00:00:00", "dateUpdated": "2017-10-10T00:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openoffice:openoffice:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2F0436BF-D4B6-4437-A509-FEBB779E4B3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users."}, {"lang": "es", "value": "OpenOffice (OOo) 1.12 crea nombres de directorios predecibles con permisos inseguros durante el inicio, lo que puede permitir a usuarios locales leer o listar ficheros de otros usuarios."}], "id": "CVE-2004-0752", "lastModified": "2017-10-11T01:29:32.107", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-10-20T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=109483308421566&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12302/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12546/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12668/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12914/"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/12932/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1011205"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Vendor Advisory"], "url": "http://www.openoffice.org/issues/show_bug.cgi?id=33357"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/9804"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2004-446.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/11151"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17312"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10294"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}