Symlink Attack Vulnerability in Groff Package Used in Trustix Secure Linux
CVE-2004-0969

Currently unrated

Key Information:

Vendor: Gnu
Status: Groff
Vendor: CVE Published:; 9 February 2005

What is CVE-2004-0969?

The Groff package prior to the implementation of security measures allows local users to manipulate temporary file locations via symbolic links. This exploitation can lead to unauthorized file overwrites, potentially compromising system integrity and data security. The issue is present in Trustix Secure Linux versions 1.5 through 2.1 and can also affect other operating systems utilizing the vulnerable Groff package versions 1.18 and newer.

References

http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml

vendor-advisoryx_refsource_GENTOO

https://exchange.xforce.ibmcloud.com/vulnerabilities/17583

vdb-entryx_refsource_XF

http://wwwnew.mandriva.com/security/advisories?name=MDKSA...

vendor-advisoryx_refsource_MANDRIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 9, 2005
Vulnerability Reserved
Oct 19, 2004

Gnu

What is CVE-2004-0969?

References

Timeline