groff vulnerability
Created 1/18/02
CVE 2001-1022
CVE 2002-0003
Impact
If groff can be invoked by the printer daemon, a remote attacker
could execute arbitrary commands with the privileges of the printer
daemon.
Background
groff is the GNU version of the troff document processor. It reads
plain text mixed with formatting commands and produces formatted output.
groff can be used by the print process to format printed documents.
The print process, which is controlled by a daemon called lpd,
accepts print requests from local and remote users.
The Problem
groff versions prior to 1.17.3 contain a format string vulnerability
in the processing of the pic command, which could
allow an attacker to execute commands that would otherwise
be inaccessible. If groff can be invoked by the print process,
and the print process is enabled without access controls,
a remote attacker could execute arbitrary
commands with the privileges of the lpd daemon.
Resolution
Install the latest groff update from your vendor. The version
and release number containing the fix vary between vendors.
If the print service is not needed, disable lpd.
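
A quick host check for the two conditions described above, as an added example that is not part of the original advisory: it compares a groff version banner with the 1.17.3 threshold and reports whether lpd is running. The function names, the sample banners and the lpd process name are assumptions, and because vendors backport fixes, a lower upstream number means "confirm the vendor package", not "vulnerable".

```shell
# Added example: compare a groff version banner with the 1.17.3 threshold.

# "GNU groff version 1.17.2" -> "1.17.2" (empty output if not recognised).
groff_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*groff version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# True (0) when dotted version $1 is strictly lower than $2; components are
# compared numerically, so 1.9 < 1.17, and missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# 0 = older than 1.17.3, 1 = 1.17.3 or newer, 2 = banner not recognised.
groff_is_affected() {
    v=$(groff_version_from_banner "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" 1.17.3
}

report() {
    rc=0; groff_is_affected "$1" || rc=$?
    case $rc in
        0) echo "$1: older than 1.17.3, confirm the vendor update is installed" ;;
        1) echo "$1: 1.17.3 or newer" ;;
        *) echo "$1: version not recognised" ;;
    esac
}

# Constructed sample banners, not captured from real hosts.
report "GNU groff version 1.17.2"
report "GNU groff version 1.22.4"

# Local host: groff banner, and whether a process named lpd (assumed name) runs.
if command -v groff >/dev/null 2>&1; then
    report "$(groff -v </dev/null 2>/dev/null | head -n 1)"
fi
if command -v pgrep >/dev/null 2>&1 && pgrep -x lpd >/dev/null 2>&1; then
    echo "lpd is running: disable it if printing is not needed"
fi
```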
Where can I read more about this?
More information is available in vendor advisories from
Red Hat,
Conectiva, and
Debian.