Symlink Follow Vulnerability in StarOffice by Sun Microsystems
CVE-2000-1156

Currently unrated

Key Information:

Vendor: Oracle
Status: Staroffice
Vendor: CVE Published:; 9 January 2001

What is CVE-2000-1156?

The StarOffice 5.2 suite developed by Sun Microsystems has a vulnerability that allows local users to read other users' files. This is due to its handling of symbolic links in the /tmp/soffice.tmp directory, where it grants world-readable permissions. Anyone with local access can exploit this flaw to gain unauthorized access to sensitive information from other users who are currently utilizing the StarOffice application.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/5487

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/bugtraq/2000-11/01...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1922

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 9, 2001
Vulnerability Reserved
Dec 14, 2000

Oracle

What is CVE-2000-1156?

References

Timeline