Vulnerability Description
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Groff | 1.19 |
| Gentoo | Linux | All versions |
| Ubuntu | Ubuntu Linux | 4.1 |
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
- http://secunia.com/advisories/18764
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11287PatchVendor Advisory
- http://www.trustix.org/errata/2004/0050
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136313
- http://secunia.com/advisories/18764
- http://www.gentoo.org/security/en/glsa/glsa-200411-15.xmlPatchVendor Advisory
- http://www.securityfocus.com/bid/11287PatchVendor Advisory
- http://www.trustix.org/errata/2004/0050
- http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:038
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
FAQ
What is CVE-2004-0969?
CVE-2004-0969 is a vulnerability with a CVSS score of 2.1 (LOW). The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a syml...
How severe is CVE-2004-0969?
CVE-2004-0969 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0969?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Groff, Gentoo Linux, Ubuntu Ubuntu Linux.