[linux-security] groff vulnerability



Topic
=====
possibility of remote exploit due to bugs in groff package

Problem Description
===================
Groff is a document formatting system.  The groff preprocessor contains an
exploitable buffer overflow. If groff can be invoked within the LPRng
printing system, an attacker can gain rights as the "lp" user.

Remote exploitation may be possible if lpd is running and is accessible
remotely, and the attacker knows the name of the printer and spoolfile.

Affected Systems
================
groff versions that use the grn preprocessor.

Unfortunately the RedHat advisory does not specify the vulnerable version
numbers. RH does not provide updates for RH 6.2, which uses version 1.15.
Also, Debian explicitly states that Debian stable 2.2, which uses 1.15.2,
is not vulnerable, whereas Debian unstable is vulnerable.
Therefore, I conclude that versions 1.15.x (and probably older) are
not vulnerable, whereas the 1.16.x and 1.17.x versions are vulnerable.

Not Affected
============
Debian 2.2 stable

Solution
========

RedHat 7.0
----------
rpm -Fvh groff-1.16-7.1.i386.rpm

RedHat 7.1, 7.2
---------------
rpm -Fvh groff-1.17.2-7.0.2.i386.rpm
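
To confirm that a host already carries the fixed package, the installed version-release can be compared against the fixed packages listed above. The following is an added example, not part of the advisory: the comparison is a simplified form of rpm's version ordering (no epoch or '~' handling), and the installed strings in the demo are constructed.

```python
import re

# Fixed groff packages named in the advisory, keyed by Red Hat release.
FIXED = {
    "7.0": ("1.16", "7.1"),
    "7.1": ("1.17.2", "7.0.2"),
    "7.2": ("1.17.2", "7.0.2"),
}

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpm-style compare of two version (or release) strings.

    Segments are runs of digits or letters; digits compare numerically,
    a numeric segment beats an alphabetic one, and the string with
    segments left over is newer. Returns -1, 0 or 1.
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def needs_update(redhat_release, installed):
    """True if `installed` is older than the fixed package for that release.

    `installed` is 'VERSION-RELEASE', as printed by
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' groff
    """
    version, _, release = installed.partition("-")
    fixed_version, fixed_release = FIXED[redhat_release]
    order = rpmvercmp(version, fixed_version)
    if order == 0:
        order = rpmvercmp(release, fixed_release)
    return order < 0

if __name__ == "__main__":
    # Constructed sample inventory: (Red Hat release, installed groff).
    for rel, inst in [("7.0", "1.16-7"), ("7.0", "1.16-7.1"), ("7.2", "1.17-1")]:
        state = "UPDATE NEEDED" if needs_update(rel, inst) else "ok"
        print(f"Red Hat {rel}: groff-{inst}: {state}")
```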