SUSE CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...

Fedora 16 : groff-1.21-4.fc16 (2012-8596)

older security fixes : - CVE-2009-5044: insecure temporary file handling in pdfroff - CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph - CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names Note that...

Fedora 17 : groff-1.21-9.fc17 (2012-8577)

older security fixes - CVE-2009-5044: insecure temporary file handling in pdfroff - CVE-2009-5080: improper handling of failed attempts to create temporary directories in eqn2graph/pic2graph/grap2graph - CVE-2009-5081: roff2.pl and groffer.pl use easy-to-guess temporary file names Note that Tenab...

DEBIAN-CVE-2009-5080

The 1 contrib/eqn2graph/eqn2graph.sh, 2 contrib/grap2graph/grap2graph.sh, and 3 contrib/pic2graph/pic2graph.sh scripts in GNU troff aka groff 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files...

Mandrake Linux Security Advisory : groff (MDKSA-2006:038)

The Trustix Secure Linux team discovered a vulnerability in the groffer utility, part of the groff package. It created a temporary directory in an insecure way which allowed for the exploitation of a race condition to create or overwrite files the privileges of the user invoking groffer. Likewise...

DEBIAN-CVE-2004-1296

The 1 eqn2graph and 2 pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files...