CVE-2009-5082
EPSS 0.03%
Description
The (1) configure and (2) config.guess scripts in GNU troff (aka groff) 1.20.1 on Openwall GNU/*/Linux (aka Owl) improperly create temporary files upon a failure of the mktemp function, which makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.
How to fix CVE-2009-5082
To remediate CVE-2009-5082, upgrade the affected package to a fixed version below.
- Debian/groff—upgrade to 1.20.1-5 or later
Is CVE-2009-5082 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.20.1-5