Notified: September 26, 2002 Updated: October 28, 2003
Affected
This is fixed in Mac OS X 10.3. There is no known exploit for this on Mac OS X, and this fix is a preventative measure against a possible future exploit. For further information on Mac OS X 10.3, please see http://www.apple.com/macosx/
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
Conectiva addressed this vulnerability in the CLSA-2001:428 security announcement: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428&idioma=en
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Not Affected
Cray, Inc. is not vulnerable as it does not provide the groff utility on any of its platforms.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see DSA-072-1.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
HP Secure OS Software for Linux is affected, please see HPSBTL0201-014.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see MDKSA-2002-012.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see NetBSD-SA2002-022.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
While Openwall GNU/*/Linux doesn't (yet?) include a print server, our groff package did have the unfortunate pic(1) property and did provide a print filter for use on potentially untrusted input by a third-party print server package one could install. This has been corrected in Owl-current and documented as a potential security fix in the system-wide change log on 2001/09/02 (over a year ago): http://www.openwall.com/Owl/CHANGES.shtml A patch by Sebastian Krahmer of SuSE Security Team has been applied to pic(1) to restrict the format string processing. The print filter has been dropped from the package.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
Red Hat Linux 7, 7.1 and 7.2 were affected by this issue. An advisory issued in early 2002 for a different groff vulnerability also included the fixes for this issue. We will update the advisory to reflect that this issue was also fixed. Errata packages can be found at: http://rhn.redhat.com/errata/RHSA-2002-004.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see CSSA-2002-057.0.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Not Affected
Solaris doesn't include the 'pic' utility and the Sun Cobalt group do not include lpd nor do they support printing from their boxes. Thus Sun is not impacted by this issue.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 28, 2003
Affected
We fixed this bug back in July 2001.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Updated: October 28, 2003
Affected
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Please see TSL-2002-0020-groff.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: September 26, 2002 Updated: October 27, 2003
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.