CVE-2009-5080

2011-06-3015:55:01

Debian Security Bug Tracker

security-tracker.debian.org

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296.

OSVersionArchitecturePackageVersionFilename
Debian12allgroff< 1.20.1-5groff_1.20.1-5_all.deb
Debian11allgroff< 1.20.1-5groff_1.20.1-5_all.deb
Debian10allgroff< 1.20.1-5groff_1.20.1-5_all.deb
Debian999allgroff< 1.20.1-5groff_1.20.1-5_all.deb
Debian13allgroff< 1.20.1-5groff_1.20.1-5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	groff	< 1.20.1-5	groff_1.20.1-5_all.deb
Debian	11	all	groff	< 1.20.1-5	groff_1.20.1-5_all.deb
Debian	10	all	groff	< 1.20.1-5	groff_1.20.1-5_all.deb
Debian	999	all	groff	< 1.20.1-5	groff_1.20.1-5_all.deb
Debian	13	all	groff	< 1.20.1-5	groff_1.20.1-5_all.deb