Lucene search

Debian Security Advisory DSA 072-1 (groff)

Debian Security Advisory DSA 072-1 (groff) describes a security fix for the GNU troff package version 1.15.2-2 due to a printf format attack vulnerability in the pic command, allowing arbitrary code execution

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 9
OpenVAS	Debian Security Advisory DSA 107-1 (jgroff)	17 Jan 200800:00	–	openvas
OpenVAS	Debian Security Advisory DSA 107-1 (jgroff)	17 Jan 200800:00	–	openvas
OpenVAS	Debian Security Advisory DSA 072-1 (groff)	17 Jan 200800:00	–	openvas
Cvelist	CVE-2001-1022	25 Jun 200204:00	–	cvelist
Tenable Nessus	Debian DSA-072-1 : groff - printf format attack	29 Sep 200400:00	–	nessus
Tenable Nessus	Debian DSA-107-1 : jgroff - format print vulnerability	29 Sep 200400:00	–	nessus
NVD	CVE-2001-1022	26 Jul 200104:00	–	nvd
CERT	Linux groff utility pic contains format string vulnerability	27 Oct 200300:00	–	cert
CVE	CVE-2001-1022	25 Jun 200204:00	–	cve

Source	Link
secure1	www.secure1.securityspace.com/smysecure/catid.html

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.53822");
  script_cve_id("CVE-2001-1022");
  script_version("2023-07-19T05:05:15+0000");
  script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Debian Security Advisory DSA 072-1 (groff)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20072-1");
  script_tag(name:"insight", value:"Zenith Parse found a security problem in groff (the GNU version of
troff). The pic command was vulnerable to a printf format attack
which made it possible to circumvent the -S option and execute
arbitrary code.

This has been fixed in version 1.15.2-2.");
  script_tag(name:"summary", value:"The remote host is missing an update to groff
announced via advisory DSA 072-1.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if((res = isdpkgvuln(pkg:"groff", ver:"1.15.2-2", rls:"DEB2.2")) != NULL) {
  report += res;
}

if(report != "") {
  security_message(data:report);
} else if(__pkg_match) {
  exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Jan 2008 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS27.5

EPSS0.22952