First published: Thu Jun 30 2011(Updated: )
The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU Groff | <=1.21 | |
GNU Groff | =1.16.1 | |
GNU Groff | =1.16 | |
GNU Groff | =1.19.2 | |
GNU Groff | =1.18.1 | |
GNU Groff | =1.11a | |
GNU Groff | =1.19.1 | |
GNU Groff | =1.20 | |
GNU Groff | =1.19 | |
GNU Groff | =1.20.1 | |
GNU Groff | =1.14 | |
GNU Groff | =1.17.2 | |
GNU Groff | =1.10 | |
GNU Groff | =1.17.1 | |
GNU Groff | =1.11 | |
GNU Groff | =1.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.