CVE-2009-5081

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:N/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
gnugroff
𝑥
≤ 1.21
gnugroff
1.10
gnugroff
1.11
gnugroff
1.11a:a
gnugroff
1.14
gnugroff
1.15
gnugroff
1.16
gnugroff
1.16.1
gnugroff
1.17.1
gnugroff
1.17.2
gnugroff
1.18.1
gnugroff
1.19
gnugroff
1.19.1
gnugroff
1.19.2
gnugroff
1.20
gnugroff
1.20.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
groff
bullseye
1.22.4-6
fixed
bookworm
1.22.4-10
fixed
sid
1.23.0-5
fixed
trixie
1.23.0-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
groff
oneiric
ignored
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h
http://openwall.com/lists/oss-security/2009/08/14/4
http://openwall.com/lists/oss-security/2009/08/14/5
http://www.mandriva.com/security/advisories?name=MDVSA-2013:086
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h
http://openwall.com/lists/oss-security/2009/08/14/4
http://openwall.com/lists/oss-security/2009/08/14/5
http://www.mandriva.com/security/advisories?name=MDVSA-2013:086