6 results (0.007 seconds)

CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0

The (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, and (3) contrib/pic2graph/pic2graph.sh scripts in GNU troff (aka groff) 1.21 and earlier do not properly handle certain failed attempts to create temporary directories, which might allow local users to overwrite arbitrary files via a symlink attack on a file in a temporary directory, a different vulnerability than CVE-2004-1296. Los scripts (1) contrib/eqn2graph/eqn2graph.sh, (2) contrib/grap2graph/grap2graph.sh, y (3) contrib/pic2graph/pic2graph.sh en GNU troff (también conocido como groff) v1.21 y anteriores no maneja adecuadamente ciertos intentos fallidos para crear directorios temporales, lo que permite a usuarios locales sobreescribir ficheros de su elección a través de un ataque de enlace simbólico sobre un fichero en un directorio temporal, una vulnerabilidad diferente que CVE-2004-1296 • http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://openwall.com/lists/oss-security/2009/08/14/4 http://openwall.com/lists/oss-security/2009/08/14/5 http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 lanza el programa Ghostscript sin la opcion -dSAFER, lo que permite a usuarios remotos crear, sobrescribir, renombrar o eliminar archivos de su elección a través de un documento manipulado. • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://openwall.com/lists/oss-security/2009/08/09/1 http://openwall.com/lists/oss-security/2009/08/10/2 http://www.securityfocus.com/bid/36381 https://support.apple.com/kb/HT205031 • CWE-254: 7PK - Security Features •

CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969. Los scripts (1) config.guess ,(2) contrib / groffer / perl / groffer.pl, y (3) contrib/groffer/perl/roff2.pl en GNU troff (también conocido como groff) v1.21 y anteriores, utilizan un número insuficiente de X caracteres en el argumento plantilla (template) en la función tempfile, lo que hace más fácil para los usuarios locales sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos en un archivo temporal, una vulnerabilidad diferente a CVE-2004-0969. • http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://openwall.com/lists/oss-security/2009/08/14/4 http://openwall.com/lists/oss-security/2009/08/14/5 http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0

The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) contrib/gdiffmk/tests/runtests.in scripts in GNU troff (aka groff) 1.21 and earlier allow local users to overwrite arbitrary files via a symlink attack on a gro#####.tmp or /tmp/##### temporary file. Las secuencias de comandos (1) gendef.sh, (2) doc/fixinfo.sh, y (3) contrib/gdiffmk/tests/runtests.in en GNU troff (también conocido como groff) v1.21 y anteriores permite a usuarios locales sobrescribir archivos a través de un ataque "symlink" en un archivo temporal gro#####.tmp o /tmp/##### • http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://openwall.com/lists/oss-security/2009/08/14/4 http://openwall.com/lists/oss-security/2009/08/14/5 http://www.mandriva.com/security/advisories?name=MDVSA-2013:085 http://www.mandriva.com/security/advisories?name=MDVSA-2013:086 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 3.3EPSS: 0%CPEs: 16EXPL: 0

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file. contrib/pdfmark/pdfroff.sh en GNU troff (también conocido como groff) antes de v1.21 permite sobreescribir ficheros de su elección a los usuarios locales a través de un ataque de enlace simbólico sobre un fichero temporal pdf#####.tmp . • ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://openwall.com/lists/oss-security/2009/08/09/1 http://ope • CWE-59: Improper Link Resolution Before File Access ('Link Following') •