CVE-2009-5081

Publication date 30 June 2011

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

Read the notes from the security team

Status

Package Ubuntu Release Status
groff 11.10 oneiric Ignored
11.04 natty Ignored
10.10 maverick Ignored
10.04 LTS lucid Ignored
8.04 LTS hardy Ignored

Notes

jdstrand

only exloitable in the build Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not

References

Other references

Access our resources on patching vulnerabilities