NeoSense

Sun StarOffice 5.1 - Arbitrary File Read

Author: Vanja Hrustic
type: remote
platform: unix
date_added: 2000-03-09 
date_updated: 2012-07-13 
verified: 1 
codes: CVE-2000-0174;OSVDB-1249 

source: https://www.securityfocus.com/bid/1040/info

StarOffice is a desktop office suite offered by Sun Microsystems. StarScheduler is a groupware server that ships with StarOffice and includes a web server that runs as root by default. When a request for a document is sent to this web server, the StarScheduler httpd follows "../" path components if they are provided. Because the server runs as root, an attacker can exploit this to view any file on the target system, including files such as /etc/shadow.

http://starscheduler_server:801/../../../../etc/shadow
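A server-side check that rejects the request above, as an added example (not code from StarScheduler or from the original advisory). The document root `/opt/starscheduler/htdocs` and the function names are assumptions, and the check goes slightly beyond the advisory by also decoding percent-escaped path components before testing them.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed document root; the advisory does not state StarScheduler's real one.
DOC_ROOT = "/opt/starscheduler/htdocs"


def resolve_request_path(url, doc_root=DOC_ROOT):
    """Map a request URL to a file path under doc_root, or return None
    when the path would escape the root (the "../" case in the advisory)."""
    # Take only the path component and decode percent-escapes once,
    # so an encoded ".." is treated the same as a literal one.
    raw = unquote(urlsplit(url).path)
    if "\x00" in raw:
        return None
    # Join to the root as a relative path, then collapse "." and ".." lexically.
    candidate = posixpath.normpath(posixpath.join(doc_root, raw.lstrip("/")))
    root = posixpath.normpath(doc_root)
    # Accept only the root itself or paths strictly beneath it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def audit_requests(urls, doc_root=DOC_ROOT):
    """Return the requests that escape doc_root, e.g. when reviewing access logs."""
    return [u for u in urls if resolve_request_path(u, doc_root) is None]


# Constructed sample requests; the first is the URL from the advisory.
SAMPLE_REQUESTS = [
    "http://starscheduler_server:801/../../../../etc/shadow",
    "http://starscheduler_server:801/index.html",
    "http://starscheduler_server:801/docs/../index.html",
    "http://starscheduler_server:801/%2e%2e/%2e%2e/etc/shadow",
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print(url, "->", resolve_request_path(url))
```

The check is purely lexical; a server that serves symlinked content should additionally compare `os.path.realpath` results against the root, and running the httpd as an unprivileged user limits what any remaining traversal can read.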