Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1022

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1022
Last Modified 05 Sep 2008 04:25:29
Published 26 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1022

Summary

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Vulnerable Systems

Application

  • Gnu Groff 1.10

  • Gnu Groff 1.11

  • Gnu Groff 1.11a

  • Gnu Groff 1.14

  • Gnu Groff 1.15

  • Gnu Groff 1.16.1

  • Jgroff


References

XF - linux-groff-format-string(6918)

BID - 3103

BUGTRAQ - 20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0

DEBIAN - DSA-072

REDHAT - RHSA-2002:004

OSVDB - 1914

DEBIAN - DSA-107

CONECTIVA - CLA-2001:428


Last Updated: 27 May 2016 10:36:29