Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 9 Aug 2009 15:48:17 +0200
From: Nico Golde <>
Subject: CVE id request: groff (pdfroff)

We got two bug reports in our BTS for groff with security 
impact which need CVE ids.

First one:
pdfroff tool of groff is creating files in a insecure manner 
in the /tmp directory.

pdfroff tool of groff is calling ghostscript with the 
-dSAFER command line option. From the manpage:

              Disables  the  "deletefile"  and  "renamefile" operators and the
              ability to open files in any mode other  than  read-only.   This
              strongly  recommended  for spoolers, conversion scripts or other
              sensitive  environments  where  a  badly  written  or  malicious
              PostScript  program  code must be prevented from changing impor-
              tant files.

This allows an attacker to delete or rename arbitrary victim owned files.

Can you allocate CVE ids for that?


Nico Golde - - - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ