Vulnerability Name:

CVE-2009-5078 (CCN-68433)

Assigned:2009-08-14
Published:2009-08-14
Updated:2016-03-30
Summary:contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
4.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-254
Vulnerability Consequences:Bypass Security
References:Source: CONFIRM
Type: Patch
ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338

Source: MITRE
Type: CNA
CVE-2009-5078

Source: APPLE
Type: Vendor Advisory
APPLE-SA-2015-08-13-2

Source: MLIST
Type: UNKNOWN
[oss-security] 20090809 CVE id request: groff (pdfroff)

Source: MLIST
Type: UNKNOWN
[oss-security] 20090810 Re: CVE id request: groff (pdfroff)

Source: CCN
Type: oss-security Mailing List, Fri, 14 Aug 2009 20:36:07 +0400
CVE id request: groff (pdfroff)

Source: CCN
Type: GNU Troff Web site
GNU Troff (Groff) - a GNU project

Source: CCN
Type: OSVDB ID: 74382
GNU troff contrib/pdfmark/pdfroff.sh Ghostscript Launch Arbitrary File Manipulation

Source: BID
Type: UNKNOWN
36381

Source: CCN
Type: BID-36381
GNU Troff pdfroff Insecure Temporary File Creation and Arbitrary File Access Vulnerabilities

Source: XF
Type: UNKNOWN
groff-pdfroff-security-bypass(68433)

Source: CONFIRM
Type: Vendor Advisory
https://support.apple.com/kb/HT205031

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:groff:1.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.11a:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.15:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.17.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.20:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:*:*:*:*:*:*:*:* (Version <= 1.20.1)

    • Configuration 2:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version <= 10.10.4)

    • Configuration CCN 1:
  • cpe:/a:gnu:groff:1.10:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.11a:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.14:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.15:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.16:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.16.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.18.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.17.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.20.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.17.1:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.19.2:*:*:*:*:*:*:*
  • OR cpe:/a:gnu:groff:1.20:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    gnu groff 1.10
    gnu groff 1.11
    gnu groff 1.11a
    gnu groff 1.14
    gnu groff 1.15
    gnu groff 1.16
    gnu groff 1.16.1
    gnu groff 1.17.1
    gnu groff 1.17.2
    gnu groff 1.18.1
    gnu groff 1.19
    gnu groff 1.19.1
    gnu groff 1.19.2
    gnu groff 1.20
    gnu groff *
    apple mac os x *
    gnu groff 1.10
    gnu groff 1.11
    gnu groff 1.11a
    gnu groff 1.14
    gnu groff 1.15
    gnu groff 1.16
    gnu groff 1.16.1
    gnu groff 1.18.1
    gnu groff 1.19
    gnu groff 1.17.2
    gnu groff 1.19.1
    gnu groff 1.20.1
    gnu groff 1.17.1
    gnu groff 1.19.2
    gnu groff 1.20