What is the severity of CVE-2008-2366?

CVE-2008-2366 is classified as a medium severity vulnerability.

How do I fix CVE-2008-2366?

To fix CVE-2008-2366, upgrade to a version of OpenOffice that does not use insecure RPATH settings.

Who is affected by CVE-2008-2366?

CVE-2008-2366 affects users of OpenOffice.org 1.1.x packages on Red Hat Enterprise Linux versions 3 and 4.

What type of vulnerability is CVE-2008-2366?

CVE-2008-2366 is a local privilege escalation vulnerability due to insecure library path settings.

Can CVE-2008-2366 be exploited remotely?

No, CVE-2008-2366 can only be exploited by a local user with access to the affected system.

Vulnerability/
CVE-2008-2366

medium

4.4

CWE

9/6/2008

16/6/2008

7/8/2024

CVE-2008-2366

First published: Mon Jun 09 2008(Updated: )

OpenOffice.org 1.1.x packages as shipped in Red Hat Enterprise Linux 3 and 4 shipped with certain libraries built with insecure RPATH set in the ELF header. RPATH was incorrectly set to '$ORIGIN' instead of $ORIGIN. This issue can be exploited by a local user to run arbitrary code as some other user if victim can be convinced to run openoffice in the attacker controlled directory with specially crafted content.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	=3.0
Red Hat Enterprise Linux	=4.0
OpenOffice OpenOffice	=1.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2008-2366?
CVE-2008-2366 is classified as a medium severity vulnerability.
How do I fix CVE-2008-2366?
To fix CVE-2008-2366, upgrade to a version of OpenOffice that does not use insecure RPATH settings.
Who is affected by CVE-2008-2366?
CVE-2008-2366 affects users of OpenOffice.org 1.1.x packages on Red Hat Enterprise Linux versions 3 and 4.
What type of vulnerability is CVE-2008-2366?
CVE-2008-2366 is a local privilege escalation vulnerability due to insecure library path settings.
Can CVE-2008-2366 be exploited remotely?
No, CVE-2008-2366 can only be exploited by a local user with access to the affected system.

collector/nvd-historical
agent/first-publish-date
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/weakness
agent/references
agent/last-modified-date
agent/description
agent/severity
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2008-2366
agent/event
agent/trending
agent/softwarecombine
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/3.0
version/red hat enterprise linux/4.0
vendor/openoffice
canonical/apache openoffice
version/apache openoffice/1.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.