[linux-security] groff vulnerability
- To: linux-security
- Subject: [linux-security] groff vulnerability
- From: Martin Siegert <siegert@sfu.ca>
- Date: Thu, 17 Jan 2002 17:29:26 -0800
- User-Agent: Mutt/1.2.5.1i

Topic
=====
possibility of remote exploit due to bugs in groff package

Problem Description
===================
Groff is a document formatting system. The groff preprocessor contains an
exploitable buffer overflow. If groff can be invoked within the LPRng
printing system, an attacker can gain rights as the "lp" user.
Remote exploitation may be possible if lpd is running and is accessible
remotely, and the attacker knows the name of the printer and spoolfile.

Affected Systems
================
groff versions that use the grn preprocessor
Unfortunately, the RedHat advisory does not specify the vulnerable version
numbers. RH does not provide updates for RH 6.2, which uses version 1.15.
Also, Debian explicitly states that Debian stable 2.2, which uses 1.15.2,
is not vulnerable, whereas Debian unstable is vulnerable.
Therefore, I conclude that versions 1.15.x (and probably older) are
not vulnerable, whereas the 1.16.x and 1.17.x versions are vulnerable.

Not Affected
============
Debian 2.2 stable

Solution
========
RedHat 7.0
----------
rpm -Fvh groff-1.16-7.1.i386.rpm

RedHat 7.1, 7.2
---------------
rpm -Fvh groff-1.17.2-7.0.2.i386.rpm
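
The following is an added example, not part of the original post or of any vendor tooling: a shell sketch that classifies `rpm -q groff` output against the fixed builds listed under Solution and the version ranges inferred under Affected Systems. The function names, the result labels and the sample inventory are assumptions made for illustration, and the comparison is a simplified numeric one rather than rpm's own version algorithm.

```shell
#!/bin/sh
# Added example, not the advisory's own code.
# Fixed builds (version-release) as listed in the Solution section.
FIXED_RH70="1.16-7.1"          # RedHat 7.0
FIXED_RH71_72="1.17.2-7.0.2"   # RedHat 7.1, 7.2

# num_lt A B: succeed if dotted-numeric A is strictly lower than B.
# Assumes purely numeric components, as in the builds above.
num_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# classify_groff RH_RELEASE PACKAGE: print not-affected, needs-update,
# up-to-date or no-fix-listed for one line of `rpm -q groff` output.
classify_groff() {
    vr=${2#groff-}; vr=${vr%.i386}     # drop package name and arch suffix
    ver=${vr%%-*}; rel=${vr#*-}        # upstream version, RPM release
    # The post's inference: 1.15.x (and probably older) is not vulnerable.
    if num_lt "$ver" 1.16; then echo not-affected; return 0; fi
    case $1 in
        7.0)     fixed=$FIXED_RH70 ;;
        7.1|7.2) fixed=$FIXED_RH71_72 ;;
        *)       echo no-fix-listed; return 0 ;;
    esac
    fver=${fixed%%-*}; frel=${fixed#*-}
    # Older version, or same version with an older release, needs the update.
    if num_lt "$ver" "$fver" ||
       { ! num_lt "$fver" "$ver" && num_lt "$rel" "$frel"; }; then
        echo needs-update
    else
        echo up-to-date
    fi
}

# Constructed inventory ("host release package"); not real hosts or data.
for entry in "old1 6.2 groff-1.15-8" "lp1 7.0 groff-1.16-7" \
             "lp2 7.2 groff-1.17.2-3" "lp3 7.2 groff-1.17.2-7.0.2"; do
    set -- $entry
    printf '%s\t%s\n' "$1" "$(classify_groff "$2" "$3")"
done
```

A `no-fix-listed` result means the installed version falls in the range the post considers vulnerable but the post names no update for that release.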