CVE-2009-5082

CWE-596 documents6 sources
Severity
3.3LOW
EPSS
0.0%
top 91.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Groff
Timeline
PublishedJun 30
Latest updateMay 2

Description

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

CVSS vector

AV:L/AC:M/C:N/I:P/A:PExploitability: 3.4 | Impact: 4.9

Affected Packages2 packages

Debiangroff< 1.20.1-5+3
NVDgnu/groff1.20.1

Patches

Patch: cvsweb.openwall.comPatch: openwall.comPatch: openwall.com

🔴Vulnerability Details

3
GHSA
GHSA-6ww7-mx3f-8cq3: The (1) configure and (2) config2022-05-02
OSV
CVE-2009-5082: The (1) configure and (2) config2011-06-30
CVEList
CVE-2009-5082: The (1) configure and (2) config2011-06-30

📋Vendor Advisories

2
Debian
CVE-2009-5082: groff - The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 o...2009
Red Hat
CVE-2009-5082: The (1) configure and (2) config
CVE-2009-5082 (LOW CVSS 3.3) | The (1) configure and (2) config.gu | cvebase.io