CVE-2009-5082

Publication date 30 June 2011

Last updated 24 July 2024

Ubuntu priority

Low

Why this priority?

Description

The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

Read the notes from the security team

Status

Package Ubuntu Release Status
groff 11.10 oneiric Ignored
11.04 natty Ignored
10.10 maverick Ignored
10.04 LTS lucid Ignored
8.04 LTS hardy Ignored

Notes

jdstrand

only exploitable during the build Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not

References

Other references

Access our resources on patching vulnerabilities