oss-sec mailing list archives
CVE id request: groff (pdfroff)
From: Nico Golde <oss-security+ml () ngolde de>
Date: Sun, 9 Aug 2009 15:48:17 +0200
Hi, We got two bug reports in our BTS for groff with security impact which need CVE ids. First one: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 pdfroff tool of groff is creating files in a insecure manner in the /tmp directory. Second: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 pdfroff tool of groff is calling ghostscript with the -dSAFER command line option. From the manpage: -dSAFER Disables the "deletefile" and "renamefile" operators and the ability to open files in any mode other than read-only. This strongly recommended for spoolers, conversion scripts or other sensitive environments where a badly written or malicious PostScript program code must be prevented from changing impor- tant files. This allows an attacker to delete or rename arbitrary victim owned files. Can you allocate CVE ids for that? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
_bin
Description:
Current thread:
- CVE id request: groff (pdfroff) Nico Golde (Aug 09)
- Re: CVE id request: groff (pdfroff) Tomas Hoger (Aug 10)
- Re: CVE id request: groff (pdfroff) Solar Designer (Aug 14)
- Re: CVE id request: groff (pdfroff) Nico Golde (Aug 14)