Detections
Analytics

Debian DSA-107-1 : jgroff - format print vulnerability

high Nessus Plugin ID 14944

Synopsis

The remote Debian host is missing a security-related update.

Description

Basically, this is the same Security Advisory as DSA 072-1, but for jgroff instead of groff. The package jgroff contains a version derived from groff that has Japanese character sets enabled. This package is available only in the stable release of Debian, patches for Japanese support have been merged into the main groff package.

The old advisory said :

Zenith Parse found a security problem in groff (the GNU version of troff). The pic command was vulnerable to a printf format attack which made it possible to circumvent the `-S' option and execute arbitrary code.

Solution

Upgrade the affected jgroff package.

See Also

http://www.debian.org/security/2002/dsa-107

Plugin Details

Severity: High

ID: 14944

File Name: debian_DSA-107.nasl

Version: 1.19

Type: local

Agent: unix

Published: 9/29/2004

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:jgroff, cpe:/o:debian:debian_linux:2.2

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 1/30/2002

Vulnerability Publication Date: 7/26/2001

Reference Information

CVE: CVE-2001-1022

DSA: 107