Vulnerabilites related to gnu - groff
CVE-2009-5078 (GCVE-0-2009-5078)
Vulnerability from cvelistv5
Published
2011-06-30 15:26
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36381"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-16T23:57:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36381"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"name": "36381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"name": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5078",
"datePublished": "2011-06-30T15:26:00",
"dateReserved": "2011-06-30T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0803 (GCVE-0-2000-0803)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:28:41.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "gnu-groff-utilities(5280)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "gnu-groff-utilities(5280)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnu-groff-utilities(5280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0803",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-09-22T00:00:00",
"dateUpdated": "2024-08-08T05:28:41.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0003 (GCVE-0-2002-0003)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 02:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDKSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3869"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-16T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDKSA-2002:012",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3869"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2002:012",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"name": "HPSBTL0201-014",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"name": "linux-groff-preprocessor-bo(7881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"name": "RHSA-2002:004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "3869",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3869"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0003",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-02T00:00:00",
"dateUpdated": "2024-08-08T02:35:17.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5082 (GCVE-0-2009-5082)
Vulnerability from cvelistv5
Published
2011-06-30 15:26
Modified
2024-09-16 20:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-06-30T15:26:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5082",
"datePublished": "2011-06-30T15:26:00Z",
"dateReserved": "2011-06-30T00:00:00Z",
"dateUpdated": "2024-09-16T20:22:44.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1022 (GCVE-0-2001-1022)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:44:06.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CLA-2001:428",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000428"
},
{
"name": "DSA-107",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-107"
},
{
"name": "linux-groff-format-string(6918)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6918"
},
{
"name": "3103",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3103"
},
{
"name": "DSA-072",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2001/dsa-072"
},
{
"name": "1914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1914"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/199706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CLA-2001:428",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000428"
},
{
"name": "DSA-107",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-107"
},
{
"name": "linux-groff-format-string(6918)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6918"
},
{
"name": "3103",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3103"
},
{
"name": "DSA-072",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2001/dsa-072"
},
{
"name": "1914",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1914"
},
{
"name": "RHSA-2002:004",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/199706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2001:428",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000428"
},
{
"name": "DSA-107",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-107"
},
{
"name": "linux-groff-format-string(6918)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6918"
},
{
"name": "3103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3103"
},
{
"name": "DSA-072",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-072"
},
{
"name": "1914",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1914"
},
{
"name": "RHSA-2002:004",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"name": "20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/199706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1022",
"datePublished": "2002-06-25T04:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:44:06.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5080 (GCVE-0-2009-5080)
Vulnerability from cvelistv5
Published
2011-06-30 15:26
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.070Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"name": "MDVSA-2013:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5080",
"datePublished": "2011-06-30T15:26:00",
"dateReserved": "2011-06-30T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0969 (GCVE-0-2004-0969)
Vulnerability from cvelistv5
Published
2004-10-20 04:00
Modified
2024-08-08 00:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200411-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "MDKSA-2006:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "11287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11287"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "18764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18764"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200411-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
},
{
"name": "script-temporary-file-overwrite(17583)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "MDKSA-2006:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "11287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11287"
},
{
"name": "2004-0050",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "18764",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18764"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200411-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
},
{
"name": "script-temporary-file-overwrite(17583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"name": "MDKSA-2006:038",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "11287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11287"
},
{
"name": "2004-0050",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"name": "18764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18764"
},
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313",
"refsource": "CONFIRM",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0969",
"datePublished": "2004-10-20T04:00:00",
"dateReserved": "2004-10-19T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5044 (GCVE-0-2009-5044)
Vulnerability from cvelistv5
Published
2011-06-24 20:00
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.014Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name": "44999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44999"
},
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36381"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-08-16T23:57:03",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name": "44999",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44999"
},
{
"name": "36381",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36381"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name": "44999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/44999"
},
{
"name": "36381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"name": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "MDVSA-2013:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330"
},
{
"name": "MDVSA-2013:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5044",
"datePublished": "2011-06-24T20:00:00",
"dateReserved": "2011-01-14T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.014Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1296 (GCVE-0-2004-1296)
Vulnerability from cvelistv5
Published
2004-12-31 05:00
Modified
2024-08-08 00:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041220 [USN-43-1] groff utility vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110358225615424\u0026w=2"
},
{
"name": "MDKSA-2006:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "groff-eqn2graph-pic2graph-symlink(18660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041220 [USN-43-1] groff utility vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110358225615424\u0026w=2"
},
{
"name": "MDKSA-2006:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "groff-eqn2graph-pic2graph-symlink(18660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041220 [USN-43-1] groff utility vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110358225615424\u0026w=2"
},
{
"name": "MDKSA-2006:038",
"refsource": "MANDRIVA",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"name": "groff-eqn2graph-pic2graph-symlink(18660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1296",
"datePublished": "2004-12-31T05:00:00",
"dateReserved": "2004-12-21T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5081 (GCVE-0-2009-5081)
Vulnerability from cvelistv5
Published
2011-06-30 15:26
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5081",
"datePublished": "2011-06-30T15:26:00",
"dateReserved": "2011-06-30T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5079 (GCVE-0-2009-5079)
Vulnerability from cvelistv5
Published
2011-06-30 15:26
Modified
2024-08-07 07:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-11T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"name": "MDVSA-2013:085",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"name": "[oss-security] 20090814 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1;r2=1.2;f=h"
},
{
"name": "MDVSA-2013:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"name": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff",
"refsource": "CONFIRM",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"name": "MDVSA-2013:086",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5079",
"datePublished": "2011-06-30T15:26:00",
"dateReserved": "2011-06-30T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-06-30 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EE516B-88DB-47BC-AC1D-66B7C8E39AB1",
"versionEndIncluding": "1.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C91EE2C2-DE96-494D-BEEE-D07ED74EDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4A1AC6-2820-4992-B652-EF6FD308D643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59A32AD0-B019-4FAF-BC8A-01FE6F90628E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64601D-0EA0-40AD-9E25-74360051CC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D944298-B544-4D38-96A3-5CA22C9C3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F737E42-B8F1-4C9C-B3E9-382BCE43859D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECE4B65-2CE6-44B6-B29E-97ECA0014C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296."
},
{
"lang": "es",
"value": "Los scripts (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, y (3) contrib/pic2graph/pic2graph.sh en GNU troff (tambi\u00e9n conocido como groff) v1.21 y anteriores no maneja adecuadamente ciertos intentos fallidos para crear directorios temporales, lo que permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero en un directorio temporal, una vulnerabilidad diferente que CVE-2004-1296"
}
],
"id": "CVE-2009-5080",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-30T15:55:01.723",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-30 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz | Patch | |
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | Vendor Advisory | |
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/09/1 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/10/2 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36381 | ||
| cve@mitre.org | https://support.apple.com/kb/HT205031 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/09/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36381 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT205031 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF8D628-0287-470B-B8CA-18C7BF453B4D",
"versionEndIncluding": "1.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C91EE2C2-DE96-494D-BEEE-D07ED74EDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4A1AC6-2820-4992-B652-EF6FD308D643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59A32AD0-B019-4FAF-BC8A-01FE6F90628E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64601D-0EA0-40AD-9E25-74360051CC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D944298-B544-4D38-96A3-5CA22C9C3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F737E42-B8F1-4C9C-B3E9-382BCE43859D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document."
},
{
"lang": "es",
"value": "contrib/pdfmark/pdfroff.sh en GNU troff (tambi\u00e9n conocido como groff) antes de v1.21 lanza el programa Ghostscript sin la opcion -dSAFER, lo que permite a usuarios remotos crear, sobrescribir, renombrar o eliminar archivos de su elecci\u00f3n a trav\u00e9s de un documento manipulado."
}
],
"id": "CVE-2009-5078",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2011-06-30T15:55:01.583",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-30 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EE516B-88DB-47BC-AC1D-66B7C8E39AB1",
"versionEndIncluding": "1.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C91EE2C2-DE96-494D-BEEE-D07ED74EDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4A1AC6-2820-4992-B652-EF6FD308D643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59A32AD0-B019-4FAF-BC8A-01FE6F90628E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64601D-0EA0-40AD-9E25-74360051CC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D944298-B544-4D38-96A3-5CA22C9C3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F737E42-B8F1-4C9C-B3E9-382BCE43859D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECE4B65-2CE6-44B6-B29E-97ECA0014C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969."
},
{
"lang": "es",
"value": "Los scripts (1) config.guess ,(2) contrib / groffer / perl / groffer.pl, y (3) contrib/groffer/perl/roff2.pl en GNU troff (tambi\u00e9n conocido como groff) v1.21 y anteriores, utilizan un n\u00famero insuficiente de X caracteres en el argumento plantilla (template) en la funci\u00f3n tempfile, lo que hace m\u00e1s f\u00e1cil para los usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simb\u00f3licos en un archivo temporal, una vulnerabilidad diferente a CVE-2004-0969."
}
],
"id": "CVE-2009-5081",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-30T15:55:01.770",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-30 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66EE516B-88DB-47BC-AC1D-66B7C8E39AB1",
"versionEndIncluding": "1.21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C91EE2C2-DE96-494D-BEEE-D07ED74EDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4A1AC6-2820-4992-B652-EF6FD308D643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59A32AD0-B019-4FAF-BC8A-01FE6F90628E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64601D-0EA0-40AD-9E25-74360051CC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D944298-B544-4D38-96A3-5CA22C9C3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F737E42-B8F1-4C9C-B3E9-382BCE43859D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECE4B65-2CE6-44B6-B29E-97ECA0014C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file."
},
{
"lang": "es",
"value": "Las secuencias de comandos (1) gendef.sh, (2) doc/fixinfo.sh, y (3) contrib/gdiffmk/tests/runtests.in en GNU troff (tambi\u00e9n conocido como groff) v1.21 y anteriores permite a usuarios locales sobrescribir archivos a trav\u00e9s de un ataque \"symlink\" en un archivo temporal gro#####.tmp o /tmp/#####"
}
],
"id": "CVE-2009-5079",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-30T15:55:01.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-02-27 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://online.securityfocus.com/advisories/3793 | ||
| cve@mitre.org | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-004.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/3869 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/7881 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/advisories/3793 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3869 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/7881 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1E11ADF-D0E7-49E9-B68E-A4A5BCFCD725",
"versionEndIncluding": "1.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en el preprocesador de groff 1.16 y anteriores permite que un atacante obtenga privilegios de lpd en el sistema de impresi\u00f3n LPRng"
}
],
"id": "CVE-2002-0003",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-02-27T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/3869"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/advisories/3793"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/3869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7881"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-30 15:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/4 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/5 | Patch |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:1.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECE4B65-2CE6-44B6-B29E-97ECA0014C1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openwall:owl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95AEFC6A-370C-4426-941D-223AC9BE61A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file."
},
{
"lang": "es",
"value": "Las secuencias de comandos (1) configure y (2) config.guess en GNU troff (tambi\u00e9n conocido como groff) v1.20.1 en Openwall GNU/*/Linux (tambi\u00e9n conocido como Owl) crea archivos temporales de forma inapropiada mediante un fallo de la funci\u00f3n mktemp, lo que hace m\u00e1s facil para usuarios locales sobrescribir archivos de su elecci\u00f3n a trav\u00e9s de un ataque \"symlink\" a un archivo temporal."
}
],
"id": "CVE-2009-5082",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-30T15:55:01.800",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371 | ||
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372 | ||
| cve@mitre.org | http://marc.info/?l=bugtraq&m=110358225615424&w=2 | ||
| cve@mitre.org | http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/18660 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=110358225615424&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/18660 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files."
}
],
"id": "CVE-2004-1296",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110358225615424\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110358225615424\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"lastModified": "2007-03-14T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313 | ||
| cve@mitre.org | http://secunia.com/advisories/18764 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/11287 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.trustix.org/errata/2004/0050 | ||
| cve@mitre.org | http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18764 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11287 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2004/0050 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gnu | groff | 1.19 | |
| gentoo | linux | * | |
| ubuntu | ubuntu_linux | 4.1 | |
| ubuntu | ubuntu_linux | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
"matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files."
}
],
"id": "CVE-2004-0969",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18764"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11287"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "cve@mitre.org",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2004/0050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17583"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428 | ||
| cve@mitre.org | http://www.debian.org/security/2001/dsa-072 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.debian.org/security/2002/dsa-107 | ||
| cve@mitre.org | http://www.osvdb.org/1914 | ||
| cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2002-004.html | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/199706 | Patch | |
| cve@mitre.org | http://www.securityfocus.com/bid/3103 | Exploit, Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6918 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2001/dsa-072 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2002/dsa-107 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/1914 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2002-004.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/199706 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3103 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6918 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jgroff:jgroff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9687B381-9EC4-45DB-A9A2-9AAFC6BF9D3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command."
}
],
"id": "CVE-2001-1022",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-26T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000428"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-072"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-107"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1914"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/199706"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/3103"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6918"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2001/dsa-072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/199706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/3103"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6918"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-06-24 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz | Patch | |
| cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 | ||
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| cve@mitre.org | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| cve@mitre.org | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/09/1 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/10/2 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/4 | ||
| cve@mitre.org | http://openwall.com/lists/oss-security/2009/08/14/5 | ||
| cve@mitre.org | http://secunia.com/advisories/44999 | Vendor Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/36381 | ||
| cve@mitre.org | https://support.apple.com/kb/HT205031 | ||
| af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/09/1 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/10/2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/4 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2009/08/14/5 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44999 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36381 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT205031 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FF8D628-0287-470B-B8CA-18C7BF453B4D",
"versionEndIncluding": "1.20.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "35017C15-4CCD-4B44-9108-F5650319A009",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B8AC4613-F1BE-4EEE-84C3-A13D2AC048B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.11a:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6BD17C-0DE9-405D-BC02-E996FBC4F97A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "5493392A-B8E1-4F71-A1ED-6889FD1CC217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "BDF86410-1841-4549-A0FE-3D16C6CCE383",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C91EE2C2-DE96-494D-BEEE-D07ED74EDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EDB1389A-0F7D-4616-8553-AF1E40B05256",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D4A1AC6-2820-4992-B652-EF6FD308D643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59A32AD0-B019-4FAF-BC8A-01FE6F90628E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A81CEA14-F694-431F-BAC9-BBB8CC09BBCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "3C3A17D1-F3A9-45FC-A943-C47B8121599C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64601D-0EA0-40AD-9E25-74360051CC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1D944298-B544-4D38-96A3-5CA22C9C3C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:groff:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "6F737E42-B8F1-4C9C-B3E9-382BCE43859D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file."
},
{
"lang": "es",
"value": "contrib/pdfmark/pdfroff.sh en GNU troff (tambi\u00e9n conocido como groff) antes de v1.21 permite sobreescribir ficheros de su elecci\u00f3n a los usuarios locales a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero temporal pdf#####.tmp ."
}
],
"id": "CVE-2009-5044",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-06-24T20:55:01.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "cve@mitre.org",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "cve@mitre.org",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44999"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2009/08/14/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/44999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:groff:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D12195B-922F-44A8-BC6E-5FA696CB83AB",
"versionEndExcluding": "1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff."
}
],
"id": "CVE-2000-0803",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5280"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}