SB2011063002 - Multiple vulnerabilities in GNU groff

Security Bulletin ID SB2011063002

Severity

Medium

Patch available

YES

Number of vulnerabilities 3

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Link following (CVE-ID: CVE-2009-5079)

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

2) Link following (CVE-ID: CVE-2009-5080)

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

3) Link following (CVE-ID: CVE-2009-5081)

The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

Remediation

Install update from vendor's website.

SB2011063002 - Multiple vulnerabilities in GNU groff

Breakdown by Severity

Description

Remediation

References