Published: 21/09/2005 Updated: 19/10/2018

CVSS v2 Base Score: 1.2 | Impact Score: 2.9 | Exploitability Score: 1.9

VMScore: 107

Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N

Subscribe to Gnu

The sort_offline function for texindex in texinfo 4.8 and previous versions allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu texinfo

Frank Lichtenheld discovered that the “texindex” program created temporary files in an insecure manner This could allow a symlink attack to create or overwrite arbitrary files with the privileges of the user running texindex ...

CWE-59 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365 http://www.securityfocus.com/bid/14854 http://www.mandriva.com/security/advisories?name=MDKSA-2005:175 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://www.ubuntu.com/usn/usn-194-1 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc http://securitytracker.com/id?1015468 http://securitytracker.com/id?1014992 http://secunia.com/advisories/16816 http://secunia.com/advisories/18401 http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml http://www.novell.com/linux/security/advisories/2005_23_sr.html http://secunia.com/advisories/17070 http://secunia.com/advisories/17076 http://secunia.com/advisories/17093 http://secunia.com/advisories/17211 http://secunia.com/advisories/17215 http://www.redhat.com/support/errata/RHSA-2006-0727.html ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P http://secunia.com/advisories/22929 http://www.debian.org/security/2006/dsa-1219 http://secunia.com/advisories/23112 http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html http://secunia.com/advisories/24788 http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/25402 http://www.vupen.com/english/advisories/2007/1939 http://www.vupen.com/english/advisories/2007/1267 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589 http://www.securityfocus.com/archive/1/464745/100/0/threaded https://usn.ubuntu.com/194-1/https://nvd.nist.gov

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook