Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-5082HistoryOct 03, 2022 - 4:24 p.m.
CVE-2009-5082
2022-10-0316:24:01
Debian Security Bug Tracker
security-tracker.debian.org
8
cve-2009-5082
overwriting files
symlink attack
temporary files
local users
gnu troff
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | groff | < 1.20.1-5 | groff_1.20.1-5_all.deb |
| Debian | 11 | all | groff | < 1.20.1-5 | groff_1.20.1-5_all.deb |
| Debian | 999 | all | groff | < 1.20.1-5 | groff_1.20.1-5_all.deb |
| Debian | 13 | all | groff | < 1.20.1-5 | groff_1.20.1-5_all.deb |
Related
nvd
nvd
CVE-2009-5082
2011-06-30 15:55:01
redhatcve
redhatcve
CVE-2009-5082
2015-10-30 09:52:57
cvelist
cvelist
CVE-2009-5082
2022-10-03 16:24:01
cve
cve
CVE-2009-5082
2022-10-03 16:24:01
prion
prion
Design/Logic Flaw
2011-06-30 15:55:00
ubuntucve
ubuntucve
CVE-2009-5082
2011-06-30 00:00:00
gentoo
gentoo
Groff: Multiple Vulnerabilities
2013-10-25 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201310-14
2015-09-29 00:00:00
nessus
nessus
GLSA-201310-14 : Groff: Multiple Vulnerabilities
2013-10-27 00:00:00
3.3 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.1%
Related for DEBIANCVE:CVE-2009-5082