CVE-2000-1156 in StarOffice
Summary
by MITRE
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
Analysis
by VulDB Data Team • 05/28/2018
The vulnerability described in CVE-2000-1156 represents a critical security flaw in StarOffice 5.2 that stems from improper handling of temporary file directories and symbolic link resolution. This issue affects the core security model of the application by creating an insecure temporary directory structure that exposes sensitive data to unauthorized local users. The vulnerability specifically manifests when StarOffice creates temporary files in the /tmp/soffice.tmp directory and fails to properly manage the security context of these files, allowing malicious local users to gain access to data that should remain private to the application's legitimate users.
Technically, the flaw is that the application does not check for symbolic links when it creates its temporary directory. When StarOffice 5.2 processes documents or performs other operations that need temporary storage, it creates the /tmp/soffice.tmp directory with world-readable permissions, so any local user can access the files inside it. This behavior directly violates fundamental principles of file system permission management and privilege separation. The flaw falls under CWE-276, which covers improper file permissions that enable unauthorized access to sensitive information. It also aligns with ATT&CK technique T1005, in which adversaries access data from local systems, here through improper file permissions and directory structures.
The operational impact of this vulnerability extends beyond simple information disclosure to potentially compromise the confidentiality of user data processed within StarOffice applications. Any local user who can access the temporary directory can read files that were created by the StarOffice process, including potentially sensitive documents, configuration files, or temporary data that may contain personal information, business data, or other confidential materials. This access vector represents a privilege escalation scenario where a low-privilege user can obtain access to data belonging to a higher-privilege user running StarOffice, creating a significant risk for environments where multiple users share the same system. The vulnerability is particularly dangerous in multi-user environments where users may have different levels of access to sensitive data, as it allows unauthorized access to data that should remain protected.
Mitigation strategies for this vulnerability should focus on proper temporary file management and directory permission controls. System administrators should ensure that temporary directories created by StarOffice are not accessible to unauthorized users through proper file system permissions and directory ownership settings. The application should be configured to create temporary directories with restrictive permissions that prevent world-read access, typically requiring the use of chmod 700 or similar restrictive permissions. Additionally, the application should be updated to properly handle symbolic links by either resolving them to their actual targets or by refusing to follow symbolic links in temporary directory creation processes. This vulnerability highlights the importance of following secure coding practices and proper resource management as outlined in industry standards, particularly those addressing file system security and privilege management. Organizations should also implement regular security audits to identify similar vulnerabilities in legacy software systems and ensure that temporary file handling follows established security guidelines to prevent unauthorized access to sensitive data.
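The two mitigations described above, restrictive permissions and refusing to follow symbolic links, shown as an added example that is not StarOffice or VulDB code. The function names, the finding labels and the soffice- prefix are assumptions made for illustration.

```python
"""Added example, not StarOffice code: private scratch directory checks."""
import os
import stat
import tempfile


def audit_scratch_dir(path):
    """Return findings for `path`; an empty list means it is private."""
    try:
        # O_NOFOLLOW refuses a symlink at the final path component;
        # O_DIRECTORY refuses anything that is not a directory.
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError:
        return ["unsafe-path"]
    try:
        # fstat the descriptor so the object checked is the object opened.
        st = os.fstat(fd)
    finally:
        os.close(fd)
    findings = []
    if st.st_uid != os.geteuid():
        findings.append("foreign-owner")
    loose = stat.S_IMODE(st.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if loose:
        findings.append(f"loose-mode:{loose:03o}")
    return findings


def make_private_scratch_dir(prefix="soffice-"):
    """Create a fresh directory with an unpredictable name and mode 0700."""
    # mkdtemp never adopts an existing name, so a directory or symlink
    # already present at a fixed path such as /tmp/soffice.tmp is not reused.
    return tempfile.mkdtemp(prefix=prefix)


if __name__ == "__main__":
    # Constructed demonstration: a private directory, the same directory
    # loosened to 0755, then a symlink that points at it.
    d = make_private_scratch_dir()
    print(d, audit_scratch_dir(d))
    os.chmod(d, 0o755)
    print(d, audit_scratch_dir(d))
    link = d + ".lnk"
    os.symlink(d, link)
    print(link, audit_scratch_dir(link))
    os.unlink(link)
    os.rmdir(d)
```

O_NOFOLLOW only covers the last path component, so the check assumes the parent directory (for example a root-owned, sticky /tmp) is itself trustworthy.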