FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

groff -- groffer uses temporary files unsafely

Affected packages
1.18 <= ja-groff < 1.18.1_8

Details

VuXML ID 169f422f-bd88-11d9-a281-02e018374e71
Discovery 2004-09-30
Entry 2005-05-09

The groffer script in the groff package 1.18 and later versions allows local users to overwrite files via a symlink attack on temporary files.

References

Bugtraq ID 11287
CVE Name CVE-2004-0969
FreeBSD PR ports/80671
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=278265