Lucene search

K
gentooGentoo FoundationGLSA-201310-14
HistoryOct 25, 2013 - 12:00 a.m.

Groff: Multiple Vulnerabilities

2013-10-2500:00:00
Gentoo Foundation
security.gentoo.org
18

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.009 Low

EPSS

Percentile

82.5%

Background

GNU Troff (Groff) is a text formatter used for man pages.

Description

Multiple vulnerabilities have been discovered in Groff. Please review the CVE identifiers referenced below for details.

Impact

A context-dependent attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Groff users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/groff-1.22.2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-apps/groff< 1.22.2UNKNOWN

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

0.009 Low

EPSS

Percentile

82.5%