Published: 09/02/2005 Updated: 11/07/2017

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 up to and including 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu groff 1.19
gentoo linux
ubuntu ubuntu linux 4.1

Recently, Trustix Secure Linux discovered a vulnerability in the groff package The utility “groffer” created a temporary directory in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the program ...

NVD-CWE-Other http://www.securityfocus.com/bid/11287 http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml http://www.trustix.org/errata/2004/0050 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313 http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038 http://secunia.com/advisories/18764 https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 https://usn.ubuntu.com/13-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0969

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect