Mandriva Linux Security Advisory : groff (MDVSA-2013:086)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in groff :

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows
local users to overwrite arbitrary files via a symlink attack on a
pdf#####.tmp temporary file (CVE-2009-5044).

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3)
contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff)
1.21 and earlier allow local users to overwrite arbitrary files via a
symlink attack on a gro#####.tmp or /tmp/##### temporary file
(CVE-2009-5079).

The (1) contrib/eqn2graph/eqn2graph.sh, (2)
contrib/grap2graph/grap2graph.sh, and (3)
contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21
and earlier do not properly handle certain failed attempts to create
temporary directories, which might allow local users to overwrite
arbitrary files via a symlink attack on a file in a temporary
directory, a different vulnerability than CVE-2004-1296
(CVE-2009-5080).

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3)
contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21
and earlier use an insufficient number of X characters in the template
argument to the tempfile function, which makes it easier for local
users to overwrite arbitrary files via a symlink attack on a temporary
file, a different vulnerability than CVE-2004-0969 (CVE-2009-5081).

The updated packages have been patched to correct these issues.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 3.3
(CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P)
CVSS Temporal Score : 2.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 66099 ()

Bugtraq ID: 36381
53937
53940

CVE ID: CVE-2009-5044
CVE-2009-5079
CVE-2009-5080
CVE-2009-5081

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now