Vulnerabilities > CVE-2009-5078 - 7PK - Security Features vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201310-14.NASL description The remote host is affected by the vulnerability described in GLSA-201310-14 (Groff: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Groff. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 70649 published 2013-10-27 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70649 title GLSA-201310-14 : Groff: Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201310-14. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(70649); script_version("1.9"); script_cvs_date("Date: 2018/07/12 19:01:15"); script_cve_id("CVE-2009-5044", "CVE-2009-5078", "CVE-2009-5079", "CVE-2009-5080", "CVE-2009-5081", "CVE-2009-5082"); script_bugtraq_id(36381, 53937, 53940); script_xref(name:"GLSA", value:"201310-14"); script_name(english:"GLSA-201310-14 : Groff: Multiple Vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201310-14 (Groff: Multiple Vulnerabilities) Multiple vulnerabilities have been discovered in Groff. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could perform symlink attacks to overwrite arbitrary files with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201310-14" ); script_set_attribute( attribute:"solution", value: "All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/groff-1.22.2'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:groff"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/27"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-apps/groff", unaffected:make_list("ge 1.22.2"), vulnerable:make_list("lt 1.22.2"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Groff"); }
NASL family MacOS X Local Security Checks NASL id MACOSX_10_10_5.NASL description The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 85408 published 2015-08-17 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/85408 title Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities
References
- ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338
- http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- http://openwall.com/lists/oss-security/2009/08/09/1
- http://openwall.com/lists/oss-security/2009/08/10/2
- http://www.securityfocus.com/bid/36381
- https://support.apple.com/kb/HT205031