Vulnerability Name:

CVE-2008-4937 (CCN-44829)

Assigned:2008-08-24
Published:2008-08-24
Updated:2017-08-08
Summary:senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
CVSS v3 Severity:5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
2.2 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
3.3 Low (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P)
2.7 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:UR)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-59
Vulnerability Consequences:File Manipulation
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/496361

Source: CCN
Type: Debian Bug report logs - #496361
The possibility of attack with the help of symlinks in some Debian packages

Source: MITRE
Type: CNA
CVE-2008-4937

Source: CONFIRM
Type: Exploit
http://dev.gentoo.org/~rbu/security/debiantemp/openoffice.org-common

Source: SECUNIA
Type: Vendor Advisory
32856

Source: SECUNIA
Type: Vendor Advisory
33140

Source: GENTOO
Type: UNKNOWN
GLSA-200812-13

Source: CCN
Type: Dmitry E. Oboukhov Advisory
Package: openoffice.org-common

Source: MISC
Type: UNKNOWN
http://uvw.ru/report.lenny.txt

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2009:070

Source: CCN
Type: OpenOffice.org Web site
OpenOffice.org: Home

Source: MLIST
Type: UNKNOWN
[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire

Source: CCN
Type: OSVDB ID: 49605
OpenOffice.org (OOo) senddoc Temporary File Symlink Arbitrary File Overwrite

Source: BID
Type: UNKNOWN
30925

Source: CCN
Type: BID-30925
OpenOffice 'senddoc' Insecure Temporary File Creation Vulnerability

Source: CCN
Type: USN-677-1
OpenOffice.org vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-677-1

Source: CCN
Type: USN-677-2
OpenOffice.org Internationalization update

Source: UBUNTU
Type: UNKNOWN
USN-677-2

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/235824

Source: CONFIRM
Type: UNKNOWN
https://bugs.gentoo.org/show_bug.cgi?id=235770

Source: XF
Type: UNKNOWN
openoffice-senddoc-symlink(44829)

Source: XF
Type: UNKNOWN
openoffice-senddoc-symlink(44829)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:openoffice:openoffice.org:2.4.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.10:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17619
    P
    		USN-677-1 -- openoffice.org, openoffice.org-amd64 vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:21166
    P
    		USN-677-2 -- openoffice.org-l10n update
    2014-06-30
    BACK
    openoffice openoffice.org 2.4.1
    openoffice openoffice.org 2.4.1
    canonical ubuntu 6.06
    canonical ubuntu 7.10
    mandrakesoft mandrake linux 2008.1 x86_64
    mandrakesoft mandrake linux 2008.1
    canonical ubuntu 8.04