Overview
The pic component of the image processing package groff contains a format string vulnerability that could allow a remote attacker to execute arbitrary code.
Description
groff is an image processing package on Linux systems. A component of groff called pic contains a format-string vulnerability that can be exploited to execute arbitrary code. Since groff and pic are used by lpd to render documents for printing, an attacker can craft a printer spool file to execute arbitrary code on an lpd print server. |
Impact
Remote attackers can cause execution of arbitrary code. |
Solution
Apply a patch or upgrade Apply a patch or upgrade as appropriate. See the Systems Affected section for more details. |
Vendor Information
Apple Computer Inc. Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
This is fixed in Mac OS X 10.3. There is no known exploit for this on Mac OS X, and this fix is a preventative measure against a possible future exploit. For further information on Mac OS X 10.3, please see http://www.apple.com/macosx/
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Conectiva Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
Conectiva addressed this vulnerability in the CLSA-2001:428 security announcement:
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428&idioma=en
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see DSA-072-1.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett-Packard Company Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
HP Secure OS Software for Linux is affected, please see HPSBTL0201-014.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MandrakeSoft Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see MDKSA-2002-012.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see NetBSD-SA2002-022.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
While Openwall GNU/*/Linux doesn't (yet?) include a print server, our groff package did have the unfortunate pic(1) property and did provide a print filter for use on potentially untrusted input by a third-party print server package one could install. This has been corrected in Owl-current and documented as a potential security fix in the system-wide change log on 2001/09/02 (over a year ago):
http://www.openwall.com/Owl/CHANGES.shtml
A patch by Sebastian Krahmer of SuSE Security Team has been applied to pic(1) to restrict the format string processing. The print filter has been dropped from the package.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat Inc. Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
Red Hat Linux 7, 7.1 and 7.2 were affected by this issue. An advisory issued in early 2002 for a different groff vulnerability also included the fixes for this issue. We will update the advisory to reflect that this issue was also fixed. Errata packages can be found at:
http://rhn.redhat.com/errata/RHSA-2002-004.html
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SCO Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see CSSA-2002-057.0.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SuSE Inc. Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Affected
Vendor Statement
We fixed this bug back in July 2001.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Trustix Affected
Updated: October 28, 2003
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see TSL-2002-0020-groff.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cray Inc. Not Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Not Affected
Vendor Statement
Cray, Inc. is not vulnerable as it does not provide the groff utility on any of its platforms.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sun Microsystems Inc. Not Affected
Notified: September 26, 2002 Updated: October 28, 2003
Status
Not Affected
Vendor Statement
Solaris doesn't include the 'pic' utility and the Sun Cobalt group do not include lpd nor do they support printing from their boxes. Thus Sun is not impacted by this issue.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Data General Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fujitsu Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Guardian Digital Inc. Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MontaVista Software Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SGI Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sequent Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River Systems Inc. Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wirex Unknown
Notified: September 26, 2002 Updated: October 27, 2003
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to zen-parse for reporting this vulnerability.
This document was written by Shawn Van Ittersum and Art Manion.
Other Information
| CVE IDs: | CVE-2001-1022 |
| Severity Metric: | 10.80 |
| Date Public: | 2001-07-26 |
| Date First Published: | 2003-10-27 |
| Date Last Updated: | 2003-10-28 17:18 UTC |
| Document Revision: | 13 |