FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

groff -- pic2graph and eqn2graph are vulnerable to symlink attack through temporary files

Affected packages
1.18.1 <= ja-groff < 1.18.1_8

Details

VuXML ID: 01bb84e2-bd88-11d9-a281-02e018374e71
Discovery: 2004-12-20
Entry: 2005-05-09

The eqn2graph and pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

References

Bugtraq ID: 12058
CVE Name: CVE-2004-1296
FreeBSD PR: ports/80671
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371
URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372