CVE-2009-5079

Publication date 30 June 2011

Last updated 24 July 2024

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
groff	11.10 oneiric	Ignored
	11.04 natty	Ignored
	10.10 maverick	Ignored
	10.04 LTS lucid	Ignored
	8.04 LTS hardy	Ignored

How can I get the fixes?
What do statuses mean?

Notes

jdstrand

only exloitable in the build Debian CVE tracker lists this as fixed in 1.20.1-5, but it is not

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2009-5079