First published: Mon Jun 09 2008(Updated: )
OpenOffice.org 1.1.x packages as shipped in Red Hat Enterprise Linux 3 and 4 shipped with certain libraries built with insecure RPATH set in the ELF header. RPATH was incorrectly set to '$ORIGIN' instead of $ORIGIN. This issue can be exploited by a local user to run arbitrary code as some other user if victim can be convinced to run openoffice in the attacker controlled directory with specially crafted content.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Enterprise Linux | =3.0 | |
Redhat Enterprise Linux | =4.0 | |
Openoffice Openoffice | =1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.