Vulnerability Description
While working on Apache OpenOffice 4.1.8, a developer discovered that the DEB package did not install using root, but instead used a user ID and group ID of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | OpenOffice | 4.1.8 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2021/10/07/5 (Mailing List, Third Party Advisory)
- https://lists.apache.org/thread.html/r9e72234dd662280fa1a3cca6164d3470a1dbc0d8e5
- https://lists.apache.org/thread.html/rc9090ab48b4699494b63b35cd6d7414c52d665ecae (Mailing List, Vendor Advisory)
FAQ
What is CVE-2021-28129?
CVE-2021-28129 is a vulnerability with a CVSS score of 7.8 (HIGH). While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop inte...
How severe is CVE-2021-28129?
CVE-2021-28129 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28129?
Check the references section above for vendor advisories and patch information. Affected products include: Apache OpenOffice.