GNU Troff pdfroff Insecure Temporary File Creation and Arbitrary File Access Vulnerabilities

Bugtraq ID:	36381
Class:	Design Error
CVE:	CVE-2009-5044
Remote:	No
Local:	Yes
Published:	Jul 24 2009 12:00AM
Updated:	Apr 09 2013 05:08PM
Credit:	Brian M. Carlson
Vulnerable:	Red Hat Fedora 17 Red Hat Fedora 16 Red Hat Fedora 15 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 GNU groff 1.19.1 GNU groff 1.19 GNU groff 1.18 GNU groff 1.17.2 GNU groff 1.17 + Caldera OpenLinux Server 3.1.1 + Caldera OpenLinux Server 3.1 + Caldera OpenLinux Workstation 3.1.1 + Caldera OpenLinux Workstation 3.1 + HP Secure OS software for Linux 1.0 + Mandriva Linux Mandrake 8.1 ia64 + Mandriva Linux Mandrake 8.1 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha GNU groff 1.16 + MandrakeSoft Single Network Firewall 7.2 + MandrakeSoft Single Network Firewall 7.2 + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 ppc + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 8.0 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.2 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 + RedHat Linux 7.2 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.1 alpha + RedHat Linux 7.1 + RedHat Linux 7.1 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 7.0 alpha + RedHat Linux 7.0 + RedHat Linux 7.0 GNU groff 1.15 + Debian Linux 2.2 sparc + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2 + Debian Linux 2.2 GNU groff 1.14 GNU groff 1.11 a + RedHat Linux 5.2 i386 GNU groff 1.11 GNU groff 1.10 GNU groff 1.20

Not Vulnerable: