Date: Sun, 9 Aug 2009 15:48:17 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Subject: CVE id request: groff (pdfroff) Hi, We got two bug reports in our BTS for groff with security impact which need CVE ids. First one: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538330 pdfroff tool of groff is creating files in a insecure manner in the /tmp directory. Second: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338 pdfroff tool of groff is calling ghostscript with the -dSAFER command line option. From the manpage: -dSAFER Disables the "deletefile" and "renamefile" operators and the ability to open files in any mode other than read-only. This strongly recommended for spoolers, conversion scripts or other sensitive environments where a badly written or malicious PostScript program code must be prevented from changing impor- tant files. This allows an attacker to delete or rename arbitrary victim owned files. Can you allocate CVE ids for that? Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0xA0A0AAAA For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.