CVE-2004-0969

CWE-3777 documents7 sources

Severity

2.1LOW

EPSS

0.1%

top 68.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Groff Ubuntu Ubuntu Linux

Timeline

PublishedFeb 9

Latest updateApr 29

Description

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiangroff< 1.18.1.1-2+3

▶NVDgnu/groff1.19

Also affects: Ubuntu Linux 4.1

Patches

Patch: www.gentoo.org ↗Patch: www.securityfocus.com ↗Patch: www.gentoo.org ↗

🔴Vulnerability Details

GHSA

GHSA-r5c9-rvx3-whrv: The groffer script in the Groff package 1↗2022-04-29

▶

OSV

CVE-2004-0969: The groffer script in the Groff package 1↗2005-02-09

▶

CVEList

CVE-2004-0969: The groffer script in the Groff package 1↗2004-10-20

▶

📋Vendor Advisories

Red Hat

groff: roff2.pl and groffer.pl use easy-to-guess temporary file names↗2009-08-14

▶

Ubuntu

groff utility vulnerability↗2004-11-02

▶

Debian

CVE-2004-0969: groff - The groffer script in the Groff package 1.18 and later versions, as used in Trus...↗2004

▶