CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.
References
Link Resource
http://osvdb.org/70711 Broken Link
http://secunia.com/advisories/40775 Broken Link
http://secunia.com/advisories/42999 Broken Link
http://secunia.com/advisories/43065 Broken Link
http://secunia.com/advisories/43105 Broken Link
http://secunia.com/advisories/43118 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://ubuntu.com/usn/usn-1056-1 Third Party Advisory
http://www.debian.org/security/2011/dsa-2151 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 Broken Link
http://www.openoffice.org/security/cves/CVE-2010-3450.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0181.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0182.html Broken Link
http://www.securityfocus.com/bid/46031 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025002 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0230 Broken Link
http://www.vupen.com/english/advisories/2011/0232 Broken Link
http://www.vupen.com/english/advisories/2011/0279 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=602324 Issue Tracking Patch Third Party Advisory
http://osvdb.org/70711 Broken Link
http://secunia.com/advisories/40775 Broken Link
http://secunia.com/advisories/42999 Broken Link
http://secunia.com/advisories/43065 Broken Link
http://secunia.com/advisories/43105 Broken Link
http://secunia.com/advisories/43118 Broken Link
http://secunia.com/advisories/60799 Broken Link
http://ubuntu.com/usn/usn-1056-1 Third Party Advisory
http://www.debian.org/security/2011/dsa-2151 Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 Broken Link
http://www.openoffice.org/security/cves/CVE-2010-3450.html Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0181.html Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0182.html Broken Link
http://www.securityfocus.com/bid/46031 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025002 Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0230 Broken Link
http://www.vupen.com/english/advisories/2011/0232 Broken Link
http://www.vupen.com/english/advisories/2011/0279 Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=602324 Issue Tracking Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*

History

21 Nov 2024, 01:18

Type Values Removed Values Added
References () http://osvdb.org/70711 - Broken Link () http://osvdb.org/70711 - Broken Link
References () http://secunia.com/advisories/40775 - Broken Link () http://secunia.com/advisories/40775 - Broken Link
References () http://secunia.com/advisories/42999 - Broken Link () http://secunia.com/advisories/42999 - Broken Link
References () http://secunia.com/advisories/43065 - Broken Link () http://secunia.com/advisories/43065 - Broken Link
References () http://secunia.com/advisories/43105 - Broken Link () http://secunia.com/advisories/43105 - Broken Link
References () http://secunia.com/advisories/43118 - Broken Link () http://secunia.com/advisories/43118 - Broken Link
References () http://secunia.com/advisories/60799 - Broken Link () http://secunia.com/advisories/60799 - Broken Link
References () http://ubuntu.com/usn/usn-1056-1 - Third Party Advisory () http://ubuntu.com/usn/usn-1056-1 - Third Party Advisory
References () http://www.debian.org/security/2011/dsa-2151 - Third Party Advisory () http://www.debian.org/security/2011/dsa-2151 - Third Party Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory () http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 - Broken Link
References () http://www.openoffice.org/security/cves/CVE-2010-3450.html - Vendor Advisory () http://www.openoffice.org/security/cves/CVE-2010-3450.html - Vendor Advisory
References () http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - Third Party Advisory () http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - Third Party Advisory
References () http://www.redhat.com/support/errata/RHSA-2011-0181.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-0181.html - Broken Link
References () http://www.redhat.com/support/errata/RHSA-2011-0182.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2011-0182.html - Broken Link
References () http://www.securityfocus.com/bid/46031 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/46031 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.securitytracker.com/id?1025002 - Broken Link, Third Party Advisory, VDB Entry () http://www.securitytracker.com/id?1025002 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.vupen.com/english/advisories/2011/0230 - Broken Link () http://www.vupen.com/english/advisories/2011/0230 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0232 - Broken Link () http://www.vupen.com/english/advisories/2011/0232 - Broken Link
References () http://www.vupen.com/english/advisories/2011/0279 - Broken Link () http://www.vupen.com/english/advisories/2011/0279 - Broken Link
References () https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Issue Tracking, Patch, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Issue Tracking, Patch, Third Party Advisory

Information

Published : 2011-01-28 22:00

Updated : 2024-11-21 01:18


NVD link : CVE-2010-3450

Mitre link : CVE-2010-3450

CVE.ORG link : CVE-2010-3450


JSON object : View

Products Affected

canonical

  • ubuntu_linux

apache

  • openoffice

debian

  • debian_linux
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')