Wind River Support Network

HomeDefectsLIN6-5163

Fixed

LIN6-5163 : Security Advisory - groff - CVE-2009-5081

Created: Jul 7, 2011 Updated: Dec 3, 2018

Resolved Date: Jul 21, 2014

Previous ID: LIN3-21739

Found In Version: 6.0

Fix Version: 6.0.0.10

Severity: Severe

Applicable for: Wind River Linux 6

Component/s: Userspace

Description

The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) contrib/groffer/perl/roff2.pl scripts in GNU troff (aka groff) 1.21 and earlier use an insufficient number of X characters in the template argument to the tempfile function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file, a different vulnerability than CVE-2004-0969.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-5081

Steps to Reproduce

Unknown

Other Downloads

Rolling Cumulative Patch Layer 29 for Wind River Linux 4.0 + Update Pack 3
Rolling Cumulative Patch Layer 30 for Wind River Linux 4.0 + Update Pack 3
Rolling Cumulative Patch Layer 31 for Wind River Linux 4.0 + Update Pack 3
Rolling Cumulative Patch Layer 32 for Wind River Linux 4.0 + Update Pack 3
Wind River Linux 6.0.0.29
Wind River Linux 6.0.0.30
Wind River Linux 6.0.0.31
Wind River Linux 6.0.0.32
Wind River Linux 6.0.0.33
Wind River Linux 6.0.0.34
Wind River Linux 6.0.0.35
Wind River Linux 6.0.0.36
Wind River Linux 6.0.0.37
Wind River Linux 6.0.0.38