Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-038.NASL
HistoryFeb 10, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : groff (MDKSA-2006:038)

2006-02-1000:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
20

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS

0

Percentile

5.1%

JSON

The Trustix Secure Linux team discovered a vulnerability in the groffer utility, part of the groff package. It created a temporary directory in an insecure way which allowed for the exploitation of a race condition to create or overwrite files the privileges of the user invoking groffer.

Likewise, similar temporary file issues were fixed in the pic2graph and eqn2graph programs which now use mktemp to create temporary files, as discovered by Javier Fernandez-Sanguino Pena.

The updated packages have been patched to correct this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:038. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20878);
  script_version("1.16");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2004-0969");
  script_xref(name:"MDKSA", value:"2006:038");

  script_name(english:"Mandrake Linux Security Advisory : groff (MDKSA-2006:038)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The Trustix Secure Linux team discovered a vulnerability in the
groffer utility, part of the groff package. It created a temporary
directory in an insecure way which allowed for the exploitation of a
race condition to create or overwrite files the privileges of the user
invoking groffer.

Likewise, similar temporary file issues were fixed in the pic2graph
and eqn2graph programs which now use mktemp to create temporary files,
as discovered by Javier Fernandez-Sanguino Pena.

The updated packages have been patched to correct this issue."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:groff");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:groff-for-man");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:groff-gxditview");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:groff-perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/02/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/10");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"groff-1.19-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"groff-for-man-1.19-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"groff-gxditview-1.19-6.1.101mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.1", reference:"groff-perl-1.19-6.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"groff-1.19-9.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"groff-for-man-1.19-9.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"groff-gxditview-1.19-9.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"groff-perl-1.19-9.1.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", reference:"groff-1.19.1-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"groff-for-man-1.19.1-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"groff-gxditview-1.19.1-1.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"groff-perl-1.19.1-1.1.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxgroffp-cpe:/a:mandriva:linux:groff
mandrivalinuxgroff-for-manp-cpe:/a:mandriva:linux:groff-for-man
mandrivalinuxgroff-gxditviewp-cpe:/a:mandriva:linux:groff-gxditview
mandrivalinuxgroff-perlp-cpe:/a:mandriva:linux:groff-perl
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrivalinux2006cpe:/o:mandriva:linux:2006
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Related

nessus 5
debiancve 2
nvd 2
openvas 6
ubuntu 1
freebsd 1
cvelist 2
ubuntucve 2
cve 2
gentoo 1
prion 1
slackware 1
nessus
nessus
FreeBSD : groff -- groffer uses temporary files unsafely (169f422f-bd88-11d9-a281-02e018374e71)
2005-07-13 00:00:00
Ubuntu 4.10 : groff utility vulnerability (USN-13-1)
2006-01-15 00:00:00
GLSA-200411-15 : OpenSSL, Groff: Insecure tempfile handling
2004-11-08 00:00:00
debiancve
debiancve
CVE-2004-0969
2005-02-09 05:00:00
CVE-2009-5081
2011-06-30 15:55:01
nvd
nvd
CVE-2004-0969
2005-02-09 05:00:00
CVE-2009-5081
2011-06-30 15:55:01
openvas
openvas
FreeBSD Ports: ja-groff
2008-09-04 00:00:00
FreeBSD Ports: ja-groff
2008-09-04 00:00:00
Ubuntu: Security Advisory (USN-13-1)
2022-08-26 00:00:00
ubuntu
ubuntu
groff utility vulnerability
2004-11-02 00:00:00
freebsd
freebsd
groff -- groffer uses temporary files unsafely
2004-09-30 00:00:00
cvelist
cvelist
CVE-2004-0969
2004-10-20 04:00:00
CVE-2009-5081
2011-06-30 15:26:00
ubuntucve
ubuntucve
CVE-2004-0969
2005-02-09 00:00:00
CVE-2009-5081
2011-06-30 00:00:00
cve
cve
CVE-2004-0969
2005-02-09 05:00:00
CVE-2009-5081
2011-06-30 15:55:01
gentoo
gentoo
OpenSSL, Groff: Insecure tempfile handling
2004-11-08 00:00:00
prion
prion
Authentication flaw
2011-06-30 15:55:00
slackware
slackware
slackware-current security updates
2005-09-08 15:55:02

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

EPSS

0

Percentile

5.1%

JSON
Related for MANDRAKE_MDKSA-2006-038.NASL
nessus5debiancve2nvd2openvas6ubuntu1freebsd1cvelist2ubuntucve2cve2gentoo1prion1slackware1