Vulnerability Description
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Groff | 1.20.1 |
| Openwall | Owl | All versions |
Related Weaknesses (CWE)
References
- http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmPatch
- http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tm
- http://openwall.com/lists/oss-security/2009/08/14/4Patch
- http://openwall.com/lists/oss-security/2009/08/14/5Patch
- http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmPatch
- http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tm
- http://openwall.com/lists/oss-security/2009/08/14/4Patch
- http://openwall.com/lists/oss-security/2009/08/14/5Patch
FAQ
What is CVE-2009-5082?
CVE-2009-5082 is a vulnerability with a CVSS score of 3.3 (LOW). The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it...
How severe is CVE-2009-5082?
CVE-2009-5082 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-5082?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Groff, Openwall Owl.