CVE-2009-5081

Name of the Vulnerable Software and Affected Versions groff versions prior to 1.22.2

Description The issue affects the groff package in Gentoo Linux, potentially leading to integrity and availability breaches of protected information. Exploitation can be done remotely. Specifically, in GNU troff (aka groff) 1.21 and earlier, certain scripts such as config.guess, contrib/groffer/perl/groffer.pl, and contrib/groffer/perl/roff2.pl use an insufficient number of X characters in the template argument to the tempfile function. This makes it easier for local users to overwrite arbitrary files via a symlink attack on a temporary file.

Recommendations For versions prior to 1.22.2, update to version 1.22.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the config.guess, groffer.pl, and roff2.pl scripts to minimize the risk of exploitation. Avoid using the tempfile function with insufficient X characters in the template argument until the issue is resolved.