CVE-2009-5082
Severity Score
3.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
Las secuencias de comandos (1) configure y (2) config.guess en GNU troff (también conocido como groff) v1.20.1 en Openwall GNU/*/Linux (también conocido como Owl) crea archivos temporales de forma inapropiada mediante un fallo de la función mktemp, lo que hace más facil para usuarios locales sobrescribir archivos de su elección a través de un ataque "symlink" a un archivo temporal.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-06-30 CVE Reserved
- 2011-06-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff.diff?r1=1.1%3Br2=1.2%3Bf=h | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/groff/groff-1.20.1-owl-tmp.diff | 2023-11-07 | |
| http://openwall.com/lists/oss-security/2009/08/14/4 | 2023-11-07 | |
| http://openwall.com/lists/oss-security/2009/08/14/5 | 2023-11-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnu Search vendor "Gnu" | Groff Search vendor "Gnu" for product "Groff" | 1.20.1 Search vendor "Gnu" for product "Groff" and version "1.20.1" | - |
Affected
| in | Openwall Search vendor "Openwall" | Owl Search vendor "Openwall" for product "Owl" | * | - |
Safe
|