Date: Sun, 9 Aug 2009 15:48:17 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: groff (pdfroff) Hi, We got two bug reports in our BTS for groff with security impact which need CVE ids. First one: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 pdfroff tool of groff is creating files in a insecure manner in the /tmp directory. Second: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 pdfroff tool of groff is calling ghostscript with the -dSAFER command line option. From the manpage: -dSAFER Disables the "deletefile" and "renamefile" operators and the ability to open files in any mode other than read-only. This strongly recommended for spoolers, conversion scripts or other sensitive environments where a badly written or malicious PostScript program code must be prevented from changing impor- tant files. This allows an attacker to delete or rename arbitrary victim owned files. Can you allocate CVE ids for that? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. [ CONTENT OF TYPE application/pgp-signature SKIPPED ]
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ