Lucene search

[email protected]CVE-2009-5079

HistoryJun 30, 2011 - 3:55 p.m.

CVE-2009-5079

2011-06-3015:55:01

CWE-59

[email protected]

web.nvd.nist.gov

cve-2009-5079

gnu troff

groff

symlink attack

symlink vulnerability

file overwrite

security

nvd

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

AI Score

6.1

Confidence

High

EPSS

Percentile

5.1%

JSON

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

Affected configurations

NVD

Node

gnugroffRange≤1.21

gnugroffMatch1.10

gnugroffMatch1.11

gnugroffMatch1.11a

gnugroffMatch1.14

gnugroffMatch1.15

gnugroffMatch1.16

gnugroffMatch1.16.1

gnugroffMatch1.17.1

gnugroffMatch1.17.2

gnugroffMatch1.18.1

gnugroffMatch1.19

gnugroffMatch1.19.1

gnugroffMatch1.19.2

gnugroffMatch1.20

gnugroffMatch1.20.1

VendorProductVersionCPE
gnugroff1.11acpe:/a:gnu:groff:1.11a:::
gnugroff1.11cpe:/a:gnu:groff:1.11:::
gnugroff1.17.2cpe:/a:gnu:groff:1.17.2:::
gnugroff1.19.1cpe:/a:gnu:groff:1.19.1:::
gnugroff1.16.1cpe:/a:gnu:groff:1.16.1:::
gnugroff1.19.2cpe:/a:gnu:groff:1.19.2:::
gnugroff1.18.1cpe:/a:gnu:groff:1.18.1:::
gnugroff1.20.1cpe:/a:gnu:groff:1.20.1:::
gnugroff1.20cpe:/a:gnu:groff:1.20:::
gnugroff1.15cpe:/a:gnu:groff:1.15:::

Vendor	Product	Version	CPE
gnu	groff	1.11a	cpe:/a:gnu:groff:1.11a:::
gnu	groff	1.11	cpe:/a:gnu:groff:1.11:::
gnu	groff	1.17.2	cpe:/a:gnu:groff:1.17.2:::
gnu	groff	1.19.1	cpe:/a:gnu:groff:1.19.1:::
gnu	groff	1.16.1	cpe:/a:gnu:groff:1.16.1:::
gnu	groff	1.19.2	cpe:/a:gnu:groff:1.19.2:::
gnu	groff	1.18.1	cpe:/a:gnu:groff:1.18.1:::
gnu	groff	1.20.1	cpe:/a:gnu:groff:1.20.1:::
gnu	groff	1.20	cpe:/a:gnu:groff:1.20:::
gnu	groff	1.15	cpe:/a:gnu:groff:1.15:::