<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://www.w3.org/2005/10/profile">
<title>CVE-2010-3689</title>
<style type="text/css"></style>
</head>
<body>
<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3689">CVE-2010-3689</a></h2>
<h3>
Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts
</h3>
<ul>
<li><strong>Synopsis:</strong>
The OpenOffice.org start script and other shell scripts expand the LD_LIBRARY_PATH in an insecure way
</li>
<li><strong>State:</strong> Resolved</li>
</ul>
<h4>1. Impact</h4>
<p>
The OpenOffice.org start script and other shell scripts expand LD_LIBRARY_PATH in such a way that the current directory might be searched for libraries before /lib and /usr/lib, which can have security implications.
</p>
<h4>2. Affected releases</h4>
<ul>
<li>All versions of OpenOffice.org 3 prior to version 3.3</li>
</ul>
<p>Note: OpenOffice.org 2 is not impacted by this issue. Earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.</p>
<h4>3. Symptoms</h4>
<p>There are no predictable symptoms that would indicate this issue has occurred.</p>
<h4>4. Relief/Workaround</h4>
<p>
To work around the described issue, make sure that LD_LIBRARY_PATH is not empty before running soffice or other OpenOffice.org shell scripts.
</p>
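<p>
The following shell sketch is an added example, not code from the OpenOffice.org scripts or from this advisory: it shows how an unconditional prepend leaves an empty LD_LIBRARY_PATH element (which the dynamic loader reads as the current directory) when the variable starts out empty, why a non-empty starting value avoids that, and a hardened form of the prepend. The function names and the install path /opt/example/program are assumptions made for the illustration.
</p>
<pre>
```shell
#!/bin/sh
# Added illustration; not taken from the OpenOffice.org scripts.
# /opt/example/program is a constructed install directory.

# Pattern of the flaw: unconditional "dir:old". With an empty old value the
# result ends in ":", an empty element that ld.so treats as the current
# working directory.
# $1 = directory to prepend, $2 = previous LD_LIBRARY_PATH value
prepend_unsafe() {
    printf '%s\n' "$1:$2"
}

# Hardened form: ${2:+:$2} emits the separator only when the old value is
# non-empty, so no empty element can be introduced by the prepend itself.
prepend_safe() {
    printf '%s\n' "$1${2:+:$2}"
}

# Audit check: return 0 if a search path contains an empty element
# (leading ":", trailing ":", or "::" in the middle), otherwise 1.
# A wholly empty value is treated as unset by this check.
has_empty_element() {
    case $1 in
        '')          return 1 ;;
        :*|*:|*::*)  return 0 ;;
        *)           return 1 ;;
    esac
}

# Constructed inputs: an empty starting value (the vulnerable case) and a
# non-empty one (the situation the workaround establishes).
for old in "" "/usr/local/lib"; do
    for fn in prepend_unsafe prepend_safe; do
        result=$($fn /opt/example/program "$old")
        if has_empty_element "$result"; then
            verdict="empty element: current directory is searched"
        else
            verdict="ok"
        fi
        printf '%-15s old=%-17s result=%-38s %s\n' \
            "$fn" "'$old'" "$result" "$verdict"
    done
done
```
</pre>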
<h4>5. Resolution</h4>
<p>This issue is addressed in the following release: <strong>OpenOffice.org 3.3</strong></p>
<h4>6. Comments</h4>
<p>
OpenOffice.org acknowledges, with thanks, Dmitri Gribenko.
</p>
</body>
</html>