CVE-2015-0296
First published: Fri Feb 27 2015(Updated: )
A flaw was found in the pre-install script of texlive-base package derived from texlive package. This flaw allows unprivileged user to remove arbitrary files on the system. ~ rpm -qa texlive-base --scripts preinstall scriptlet (using /bin/sh): rm -rf /usr/share/texlive/texmf-var rm -rf /var/lib/texmf/* # Following script in the preinstall scriplet allows attacker to remove arbitrary files on the systems for i in `find /home/*/.texlive* -type d -prune`; do find $i -name *.fmt -type f | xargs rm -f > /dev/null 2>&1 done ... Attacker can create a malicious file in his $HOME directory that would trigger file removal and wait for the texlive-base package to be updated by administrator, as when package will be updated it would run preinstall scriplet which would then run malicious file in attacker $HOME directory as privileged user. Reproducer and more information: <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=1099238">https://bugzilla.redhat.com/show_bug.cgi?id=1099238</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TeX Live | =6.20131226_r32488.fc20 | |
| Fedora | =20 | |
| TeX Live | =3.1.20140525_r34255.fc21 | |
| Fedora | =21 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1099238
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1197084
- http://pkgs.fedoraproject.org/cgit/texlive.git/commit/?id=7fea493a0dfcd6e42329347cab50eb2ecdc0b69b
- https://bugzilla.redhat.com/show_bug.cgi?id=1197082
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154198.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154424.html
- http://www.openwall.com/lists/oss-security/2015/02/27/6
- http://www.securityfocus.com/bid/72826
Frequently Asked Questions
What is the severity of CVE-2015-0296?
CVE-2015-0296 is a high severity vulnerability because it allows unprivileged users to remove arbitrary files on the system.
How do I fix CVE-2015-0296?
To fix CVE-2015-0296, upgrade the texlive-base package to a version that does not contain the flawed pre-install script.
What systems are affected by CVE-2015-0296?
CVE-2015-0296 affects the texlive-base package on Fedora versions 20 and 21.
What is the description of CVE-2015-0296?
CVE-2015-0296 describes a vulnerability in the pre-install script of the texlive-base package that allows unprivileged users to delete arbitrary system files.
Can CVE-2015-0296 be exploited remotely?
CVE-2015-0296 requires local access to the system to exploit, as it involves executing the flawed pre-install script.
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-0296
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tug
- canonical/tex live
- version/tex live/6.20131226_r32488.fc20
- vendor/fedoraproject
- canonical/fedora
- version/fedora/20
- version/tex live/3.1.20140525_r34255.fc21
- version/fedora/21