CVE-2010-3450

Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/70711	Broken Link
http://secunia.com/advisories/40775	Broken Link
http://secunia.com/advisories/42999	Broken Link
http://secunia.com/advisories/43065	Broken Link
http://secunia.com/advisories/43105	Broken Link
http://secunia.com/advisories/43118	Broken Link
http://secunia.com/advisories/60799	Broken Link
http://ubuntu.com/usn/usn-1056-1	Third Party Advisory
http://www.debian.org/security/2011/dsa-2151	Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:027	Broken Link
http://www.openoffice.org/security/cves/CVE-2010-3450.html	Vendor Advisory
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0181.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0182.html	Broken Link
http://www.securityfocus.com/bid/46031	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1025002	Broken Link Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2011/0230	Broken Link
http://www.vupen.com/english/advisories/2011/0232	Broken Link
http://www.vupen.com/english/advisories/2011/0279	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=602324	Issue Tracking Patch Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:10.10:::::::*
	cpe:2.3:o:debian:debian_linux:5.0:::::::*
	cpe:2.3:o:debian:debian_linux:6.0:::::::*

History

07 Feb 2022, 17:02

Type	Values Removed	Values Added
First Time		Debian Debian debian Linux Apache Apache openoffice
CPE	cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:::::* cpe:2.3:a:sun:openoffice.org:2.1.0:::::::* cpe:2.3:a:sun:openoffice.org:2.3.0:::::::* cpe:2.3:a:sun:openoffice.org:3.0.1:::::::* cpe:2.3:a:sun:openoffice.org:3.2.1:::::::* cpe:2.3:a:sun:openoffice.org:2.0.4:::::::* cpe:2.3:a:sun:openoffice.org:2.3.1:::::::* cpe:2.3:a:sun:openoffice.org:2.4.3:::::::* cpe:2.3:a:sun:openoffice.org:3.1.0:::::::* cpe:2.3:a:sun:openoffice.org:2.2.0:::::::* cpe:2.3:a:sun:openoffice.org:2.0.3:::::::* cpe:2.3:a:sun:openoffice.org:2.4.0:::::::* cpe:2.3:a:sun:openoffice.org:3.1.1:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04::::lts::: cpe:2.3:a:sun:openoffice.org:2.2.1:::::::* cpe:2.3:a:sun:openoffice.org:3.0.0:::::::* cpe:2.3:a:sun:openoffice.org:3.2.0:::::::* cpe:2.3:a:sun:openoffice.org:2.4.1:::::::* cpe:2.3:a:sun:openoffice.org:2.4.2:::::::* cpe:2.3:a:sun:openoffice.org:2.0.0:::::::*	cpe:2.3:o:debian:debian_linux:6.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:10.04:::::::* cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::* cpe:2.3:a:apache:openoffice::::::::
References	~~(DEBIAN) http://www.debian.org/security/2011/dsa-2151 -~~	(DEBIAN) http://www.debian.org/security/2011/dsa-2151 - Third Party Advisory
References	~~(OSVDB) http://osvdb.org/70711 -~~	(OSVDB) http://osvdb.org/70711 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2011/0232 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2011/0232 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/42999 -~~	(SECUNIA) http://secunia.com/advisories/42999 - Broken Link
References	~~(SECTRACK) http://www.securitytracker.com/id?1025002 -~~	(SECTRACK) http://www.securitytracker.com/id?1025002 - Broken Link, Third Party Advisory, VDB Entry
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0181.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0181.html - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/60799 -~~	(SECUNIA) http://secunia.com/advisories/60799 - Broken Link
References	~~(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Patch~~	(CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=602324 - Issue Tracking, Patch, Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/43118 -~~	(SECUNIA) http://secunia.com/advisories/43118 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/43065 - Vendor Advisory~~	(SECUNIA) http://secunia.com/advisories/43065 - Broken Link
References	~~(SECUNIA) http://secunia.com/advisories/43105 -~~	(SECUNIA) http://secunia.com/advisories/43105 - Broken Link
References	~~(CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html -~~	(CONFIRM) http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html - Third Party Advisory
References	~~(REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0182.html -~~	(REDHAT) http://www.redhat.com/support/errata/RHSA-2011-0182.html - Broken Link
References	~~(UBUNTU) http://ubuntu.com/usn/usn-1056-1 -~~	(UBUNTU) http://ubuntu.com/usn/usn-1056-1 - Third Party Advisory
References	~~(SECUNIA) http://secunia.com/advisories/40775 -~~	(SECUNIA) http://secunia.com/advisories/40775 - Broken Link
References	~~(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 -~~	(MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2011:027 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2011/0230 - Vendor Advisory~~	(VUPEN) http://www.vupen.com/english/advisories/2011/0230 - Broken Link
References	~~(VUPEN) http://www.vupen.com/english/advisories/2011/0279 -~~	(VUPEN) http://www.vupen.com/english/advisories/2011/0279 - Broken Link
References	~~(BID) http://www.securityfocus.com/bid/46031 -~~	(BID) http://www.securityfocus.com/bid/46031 - Broken Link, Third Party Advisory, VDB Entry
References	~~(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml -~~	(GENTOO) http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml - Third Party Advisory

Information

Published : 2011-01-28 22:00

Updated : 2023-12-10 11:03

NVD link : CVE-2010-3450

Mitre link : CVE-2010-3450

CVE.ORG link : CVE-2010-3450

JSON object : View

Products Affected

canonical

ubuntu_linux

debian

debian_linux

apache

openoffice

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2010-3450", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2011-01-28T22:00:05.223", "references": [{"url": "http://osvdb.org/70711", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/40775", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/42999", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43065", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43105", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/43118", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/60799", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://ubuntu.com/usn/usn-1056-1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2011/dsa-2151", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:027", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.openoffice.org/security/cves/CVE-2010-3450.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0181.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2011-0182.html", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/46031", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1025002", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0230", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0232", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2011/0279", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=602324", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to overwrite arbitrary files via a .. (dot dot) in an entry in (1) an XSLT JAR filter description file, (2) an Extension (aka OXT) file, or unspecified other (3) JAR or (4) ZIP files."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en OpenOffice.org (OOo) v2.x y v3.x anteriores a v3.3, permite a atacantes remotos a\u00f1adir y ejecutar comandos de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro \"site\" a (1) index.php y (2) admin.php."}], "lastModified": "2022-02-07T17:02:29.737", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03BF098-236A-4442-9EFA-A8BEB52CEE33", "versionEndExcluding": "3.3.0", "versionStartIncluding": "2.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BD9DD2-B468-4732-ABB1-742D83709B54"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87614B58-24AB-49FB-9C84-E8DDBA16353B"}, {"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}