Vulnerability Name:

CVE-2010-3689 (CCN-65428)

Assigned:2010-10-01
Published:2011-01-26
Updated:2022-02-07
Summary:soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
3.7 Low (REDHAT CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
2.7 Low (REDHAT Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2010-3689

Source: OSVDB
Type: Broken Link
70716

Source: CCN
Type: RHSA-2011-0182
Important: openoffice.org security update

Source: CCN
Type: RHSA-2011-0183
Important: openoffice.org security and bug fix update

Source: SECUNIA
Type: Broken Link
40775

Source: SECUNIA
Type: Broken Link
42999

Source: SECUNIA
Type: Broken Link
43065

Source: SECUNIA
Type: Broken Link
43105

Source: CCN
Type: SA44202
IBM Lotus Symphony OpenOffice.org Multiple Vulnerabilities

Source: SECUNIA
Type: Broken Link
60799

Source: UBUNTU
Type: Third Party Advisory
USN-1056-1

Source: DEBIAN
Type: Third Party Advisory
DSA-2151

Source: DEBIAN
Type: DSA-2151
openoffice.org -- several vulnerabilities

Source: GENTOO
Type: Third Party Advisory
GLSA-201408-19

Source: MANDRIVA
Type: Broken Link
MDVSA-2011:027

Source: CCN
Type: OpenOffice.org Web site
Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts

Source: CONFIRM
Type: Vendor Advisory
http://www.openoffice.org/security/cves/CVE-2010-3689.html

Source: CCN
Type: Oracle Critical Patch Update Advisory - April 2011
Oracle Critical Patch Update Advisory - April 2011

Source: CONFIRM
Type: Third Party Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html

Source: CCN
Type: OSVDB ID: 70716
OpenOffice.org (OOo) soffice LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation

Source: REDHAT
Type: Broken Link
RHSA-2011:0182

Source: BID
Type: Broken Link, Third Party Advisory, VDB Entry
46031

Source: CCN
Type: BID-46031
OpenOffice Multiple Remote Code Execution Vulnerabilities

Source: SECTRACK
Type: Broken Link, Third Party Advisory, VDB Entry
1025004

Source: VUPEN
Type: Broken Link
ADV-2011-0230

Source: VUPEN
Type: Broken Link
ADV-2011-0232

Source: VUPEN
Type: Broken Link
ADV-2011-0279

Source: CCN
Type: Red Hat Bugzilla Bug 641224
CVE-2010-3689 OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting

Source: CONFIRM
Type: Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=641224

Source: XF
Type: UNKNOWN
ooo-ldlibpath-priv-escalation(65428)

Source: CCN
Type: IBM Support & Downloads Web site
IBM Lotus Symphony 3.0 Component Fix Pack 2 Release Notes

Source: SUSE
Type: SUSE-SR:2011:007
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:apache:openoffice:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.3.0)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:6.0:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_productivity:5:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/o:redhat:enterprise_linux:6::client:*:*:*:*:*

    • Configuration RedHat 7:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 8:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:sun:openoffice.org:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:openoffice.org:3.2.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*
  • OR cpe:/a:ibm:lotus_symphony:3.0.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:26107
    P
    		Security update for openssl-1_0_0 (Important)
    2021-08-24
    oval:org.opensuse.security:def:26104
    P
    		Security update for libcares2 (Important)
    2021-08-16
    oval:org.opensuse.security:def:20103689
    V
    		CVE-2010-3689
    2021-08-15
    oval:org.opensuse.security:def:36479
    P
    		libreoffice-4.0.3.3.26-0.10.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:36482
    P
    		libreoffice-testtool-3.4.5.5-0.3.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:26043
    P
    		Security update for bind (Important)
    2021-05-04
    oval:org.opensuse.security:def:26040
    P
    		Security update for gdm (Important)
    2021-04-28
    oval:org.opensuse.security:def:26032
    P
    		Security update for sudo (Important)
    2021-04-20
    oval:org.opensuse.security:def:26029
    P
    		Security update for the Linux Kernel (Important)
    2021-04-15
    oval:org.opensuse.security:def:26028
    P
    		Security update for xorg-x11-server (Important)
    2021-04-13
    oval:org.opensuse.security:def:26031
    P
    		Security update for php74 (Moderate)
    2021-01-14
    oval:org.opensuse.security:def:26370
    P
    		Security update for mbedtls (Important)
    2020-12-01
    oval:org.opensuse.security:def:27477
    P
    		libreoffice on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26749
    P
    		libgtop on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26605
    P
    		libtiff3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26235
    P
    		Security update for ImageMagick (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26807
    P
    		perl-spamassassin on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26707
    P
    		glib2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26373
    P
    		Security update for ffmpeg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27480
    P
    		libreoffice-testtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26760
    P
    		libpoppler-glib4 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26608
    P
    		libxml2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26313
    P
    		Security update for python-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:27442
    P
    		libevent-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26710
    P
    		gnome-screensaver on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26454
    P
    		Security update for python-Jinja2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26763
    P
    		libqt4-sql-mysql on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26658
    P
    		MozillaFirefox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26316
    P
    		Recommended update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:27445
    P
    		libexpat-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26746
    P
    		libfreebl3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26457
    P
    		Security update for chromium (Important)
    2020-12-01
    oval:org.opensuse.security:def:26232
    P
    		Security update for openconnect (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26804
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:26661
    P
    		OpenEXR on GA media (Moderate)
    2020-12-01
    oval:org.mitre.oval:def:12858
    P
    		DSA-2151-1 openoffice.org -- several
    2015-02-23
    oval:org.mitre.oval:def:13739
    P
    		USN-1056-1 -- openoffice.org vulnerabilities
    2014-06-30
    oval:org.mitre.oval:def:23509
    P
    		ELSA-2011:0183: openoffice.org security and bug fix update (Important)
    2014-05-26
    oval:org.mitre.oval:def:23069
    P
    		ELSA-2011:0182: openoffice.org security update (Important)
    2014-05-26
    oval:org.mitre.oval:def:21381
    P
    		RHSA-2011:0182: openoffice.org security update (Important)
    2014-02-24
    oval:org.mitre.oval:def:21625
    P
    		RHSA-2011:0183: openoffice.org security and bug fix update (Important)
    2014-02-24
    oval:com.redhat.rhsa:def:20110182
    P
    		RHSA-2011:0182: openoffice.org security update (Important)
    2011-01-28
    oval:com.redhat.rhsa:def:20110183
    P
    		RHSA-2011:0183: openoffice.org security and bug fix update (Important)
    2011-01-28
    BACK
    apache openoffice *
    canonical ubuntu linux 8.04
    canonical ubuntu linux 9.10
    canonical ubuntu linux 10.04
    canonical ubuntu linux 10.10
    debian debian linux 5.0
    debian debian linux 6.0
    sun openoffice.org 3.0.0
    sun openoffice.org 3.0.1
    sun openoffice.org 3.1.0
    sun openoffice.org 3.1.1
    sun openoffice.org 3.2.0
    sun openoffice.org 3.2.1
    redhat enterprise linux 5
    redhat enterprise linux 5
    redhat enterprise linux 6
    redhat enterprise linux 6
    ibm lotus symphony 3.0.0
    redhat enterprise linux desktop 6