Lucene search

MitreCVE-2005-3011

HistorySep 21, 2005 - 8:03 p.m.

CVE-2005-3011

2005-09-2120:03:00

CWE-59

mitre

web.nvd.nist.gov

cve

2005

3011

texindex

texinfo

symlink attack

security vulnerability

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Affected configurations

Nvd

Node

gnutexinfoRange≤4.8

VendorProductVersionCPE
gnutexinfo*cpe:2.3:a:gnu:texinfo:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	texinfo	*	cpe:2.3:a:gnu:texinfo::::::::

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc

ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P

bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365

docs.info.apple.com/article.html?artnum=305530

lists.apple.com/archives/security-announce/2007/May/msg00004.html

lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html

secunia.com/advisories/16816

secunia.com/advisories/17070

secunia.com/advisories/17076

secunia.com/advisories/17093

secunia.com/advisories/17211

secunia.com/advisories/17215

secunia.com/advisories/18401

secunia.com/advisories/22929

secunia.com/advisories/23112

secunia.com/advisories/24788

secunia.com/advisories/25402

securitytracker.com/id?1014992

securitytracker.com/id?1015468

www.debian.org/security/2006/dsa-1219

www.gentoo.org/security/en/glsa/glsa-200510-04.xml

www.mandriva.com/security/advisories?name=MDKSA-2005:175

www.novell.com/linux/security/advisories/2005_23_sr.html

www.redhat.com/support/errata/RHSA-2006-0727.html

www.securityfocus.com/archive/1/464745/100/0/threaded

www.securityfocus.com/bid/14854

www.ubuntu.com/usn/usn-194-1

www.vmware.com/support/vi3/doc/esx-1121906-patch.html

www.vmware.com/support/vi3/doc/esx-2559638-patch.html

www.vupen.com/english/advisories/2007/1267

www.vupen.com/english/advisories/2007/1939

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589

CVSS2

1.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:H/Au:N/C:N/I:P/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

28.0%

JSON

Related for CVE-2005-3011