| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> |
| |
| <html xmlns="http://www.w3.org/1999/xhtml"> |
| <head profile="http://www.w3.org/2005/10/profile"> |
| <title>CVE-2010-3689</title> |
| <style type="text/css"></style> |
| </head> |
| |
| <body> |
| <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3689">CVE-2010-3689</a></h2> |
| |
| <h3> |
| Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts |
| </h3> |
| |
| <ul> |
| <li><strong>Synopsis:</strong> |
| The OpenOffice.org start script and other shell scripts expand the LD_LIBRARY_PATH in a insecure way |
| </li> |
| <li><strong>State:</strong> Resolved</li> |
| </ul> |
| |
| <h4>1. Impact</h4> |
| |
| <p> |
| The OpenOffice.org start script and other shell scripts expand the LD_LIBRARY_PATH in a way that the current directory might be searched for libraries before /lib and /usr/lib, which can have security implications. |
| </p> |
| |
| <h4>2. Affected releases</h4> |
| |
| <ul> |
| <li>All versions of OpenOffice.org 3 prior to version 3.3</li> |
| </ul> |
| |
| <p>Note: OpenOffice.org 2 is not impacted by this issue. Earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.</p> |
| |
| <h4>3. Symptoms</h4> |
| |
| <p>There are no predictable symptoms that would indicate this issue has occurred.</p> |
| |
| <h4>4. Relief/Workaround</h4> |
| |
| <p> |
| To workaround the described issue, make sure that LD_LIBRARY_PATH is not empty before running soffice or other OpenOffice.org shell scripts. |
| </p> |
| |
| <h4>5. Resolution</h4> |
| |
| <p>This issue is addressed in the following release: <strong>OpenOffice.org 3.3</strong></p> |
| |
| <h4>6. Comments</h4> |
| |
| <p> |
| OpenOffice.org acknowledges with thanks, Dmitri Gribenko. |
| </p> |
| |
| <hr /> |
| |
| <p><a href="//security/">Security Home</a> -> <a href="//security/bulletin.html">Bulletin</a> -> |
| <a href="//security/cves/CVE-2010-3689.html">CVE-2010-3689</a></p> |
| </body> |
| </html> |