107 matches found
CVE-2009-5080
The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files...
DEBIAN-CVE-2009-5078
contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...
DEBIAN-CVE-2009-5079
The 1 gendef.sh, 2 doc/fixinfo.sh, and 3 contrib/gdiffmk/tests/runtests.in scripts in GNU troff aka groff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro.tmp or /tmp/ temporary file...
DEBIAN-CVE-2009-5081
The 1 config.guess, 2 contrib/groffer/perl/groffer.pl, and 3 contrib/groffer/perl/roff2.pl scripts in GNU troff aka groff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary fil...
DEBIAN-CVE-2009-5082
The 1 configure and 2 config.guess scripts in GNU troff aka groff 1.20.1 on Openwall GNU//Linux aka Owl improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file...
CVE-2009-5081
The 1 config.guess, 2 contrib/groffer/perl/groffer.pl, and 3 contrib/groffer/perl/roff2.pl scripts in GNU troff aka groff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary fil...
CVE-2009-5079
The 1 gendef.sh, 2 doc/fixinfo.sh, and 3 contrib/gdiffmk/tests/runtests.in scripts in GNU troff aka groff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro.tmp or /tmp/ temporary file...
Code injection
The 1 gendef.sh, 2 doc/fixinfo.sh, and 3 contrib/gdiffmk/tests/runtests.in scripts in GNU troff aka groff 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro.tmp or /tmp/ temporary file...
CVE-2009-5080
The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files...
CVE-2009-5080
The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files...
CVE-2009-5082
CVE-2009-5082 affects Groff (GNU troff) 1.20.1 on Openwall GNU/*/Linux. The mktemp failure in configure and config.guess can cause insecure temporary files, enabling local users to overwrite arbitrary files via a symlink attack. Public notes across multiple sources confirm a local-privilege impac...
CVE-2009-5081
The 1 config.guess, 2 contrib/groffer/perl/groffer.pl, and 3 contrib/groffer/perl/roff2.pl scripts in GNU troff aka groff 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary fil...
CVE-2009-5081
CVE-2009-5081 affects GNU troff (Groff) up to and including 1.21. The vulnerability arises in the tempfile usage due to an insufficient number of X characters in the template argument, enabling a local attacker to overwrite arbitrary files via a symlink attack on a temporary file. Multiple source...
CVE-2009-5080
CVE-2009-5080 affects GNU troff (groff) 1.21 and earlier, due to improper handling of failed temporary-directory creation in the eqn2graph/ grap2graph/ pic2graph scripts, enabling local symlink attacks to overwrite files. Connected sources confirm the vulnerable components are eqn2graph/eqn2graph...
CVE-2009-5079
Vulnerability summary (CVE-2009-5079) : In Groff (GNU troff) versions up to 1.21 and earlier, several scripts (gendef.sh, doc/fixinfo.sh, contrib/gdiffmk/tests/runtests.in) allow local users to overwrite arbitrary files via a symlink attack on groff temporary files (gro#####.tmp or /tmp/#####). T...
CVE-2009-5078
The CVE-2009-5078 issue affects GNU troff (groff) before 1.21: contrib/pdfmark/pdfroff.sh launches Ghostscript without the -dSAFER option, enabling a remote attacker to create, overwrite, rename, or delete arbitrary files via a crafted document. Impact is partial integrity and partial availabilit...
DEBIAN-CVE-2009-5044
contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf.tmp temporary file...
CVE-2009-5044
CVE-2009-5044 affects Groff (GNU Troff) via contrib/pdfmark/pdfroff.sh, where groff before 1.21 creates insecure temporary files (pdf#####.tmp) that can be exploited by a local user to overwrite arbitrary files through a symlink attack. Public sources in connected docs confirm this vulnerability ...
Gentoo Security Advisory GLSA 200411-15 (OpenSSL)
The remote host is missing updates announced in advisory GLSA 200411-15. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200411-15 (OpenSSL)
The remote host is missing updates announced in advisory GLSA 200411-15. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...