Wind River Support Network


LIN6-5163 : Security Advisory - groff - CVE-2009-5081

Created: Jul 7, 2011    Updated: Dec 3, 2018
Resolved Date: Jul 21, 2014
Previous ID: LIN3-21739
Found In Version: 6.0
Fix Version:
Severity: Severe
Applicable for: Wind River Linux 6
Component/s: Userspace


The (1) config.guess, (2) contrib/groffer/perl/, and (3) contrib/groffer/perl/ scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

Steps to Reproduce


Other Downloads

Live chat