Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-5081

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

Published

2011-06-30T15:55:01.770

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 3.3 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.4

Impact Score

4.9

Weaknesses
  • Type: Primary
    CWE-59
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application gnu groff ≤ 1.21 Yes
Application gnu groff 1.10 Yes
Application gnu groff 1.11 Yes
Application gnu groff 1.11a Yes
Application gnu groff 1.14 Yes
Application gnu groff 1.15 Yes
Application gnu groff 1.16 Yes
Application gnu groff 1.16.1 Yes
Application gnu groff 1.17.1 Yes
Application gnu groff 1.17.2 Yes
Application gnu groff 1.18.1 Yes
Application gnu groff 1.19 Yes
Application gnu groff 1.19.1 Yes
Application gnu groff 1.19.2 Yes
Application gnu groff 1.20 Yes
Application gnu groff 1.20.1 Yes
References