CVE-2009-5081

CWE-59 CWE-3778 documents7 sources

Severity

3.3LOW

EPSS

0.1%

top 69.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Groff

Timeline

PublishedJun 30

Latest updateMay 2

Description

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

▶Debiangroff< 1.20.1-5+3

▶NVDgnu/groff1.21+15

Patches

Patch: cvsweb.openwall.com ↗Patch: openwall.com ↗Patch: openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-8mmw-rg27-gmpp: The (1) config↗2022-05-02

▶

CVEList

CVE-2009-5081: The (1) config↗2011-06-30

▶

OSV

CVE-2009-5081: The (1) config↗2011-06-30

▶

📋Vendor Advisories

Red Hat

groff: roff2.pl and groffer.pl use easy-to-guess temporary file names↗2009-08-14

▶

Debian

CVE-2009-5081: groff - The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groff...↗2009

▶

💬Community

Bugzilla

CVE-2009-5080 CVE-2009-5081 groff various flaws [fedora-all]↗2011-07-08

▶

Bugzilla

CVE-2009-5081 groff: roff2.pl and groffer.pl use easy-to-guess temporary file names↗2011-07-08

▶