Bug 168142 - CAN-2004-1296 groff temporary file vulnerabilities in pic2graph and eqn2graph
CAN-2004-1296 groff temporary file vulnerabilities in pic2graph and eqn2graph
Status: CLOSED CANTFIX
Product: Fedora Legacy
Classification: Retired
Component: groff (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
http://cve.mitre.org/cgi-bin/cvename....
LEGACY, rh90, 1, 2, NEEDSWORK
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-09-12 16:48 EDT by David Eisenstein
Modified: 2007-04-18 13:31 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-04-11 20:42:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch for CAN-2004-1296 (3.80 KB, patch)
2005-09-12 16:48 EDT, David Eisenstein
no flags Details | Diff

  None (edit)
Description David Eisenstein 2005-09-12 16:48:22 EDT
+++ This bug was initially created as a clone of Bug #152840 +++

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1296

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users
to overwrite arbitrary files via a symlink attack on temporary files.

Ref:  http://xforce.iss.net/xforce/xfdb/18660
Ref:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371
Ref:  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286372
Comment 1 David Eisenstein 2005-09-12 16:48:23 EDT
Created attachment 118741 [details]
Patch for CAN-2004-1296
Comment 2 David Eisenstein 2005-09-12 17:20:56 EDT
Red Hat 7.3 not vulnerable; does not contain the eqn2graph nor pic2graph
components.
Comment 3 David Eisenstein 2007-04-11 20:42:18 EDT
Red Hat Linux and Fedora Core releases <=4 are now completely unmaintained.
These bugs can't be fixed in these versions.  If the issue still persists in
current Fedora Core releases, please reopen.  Thank you, and sorry about this.

Note You need to log in before you can comment on or make changes to this bug.