First published: Mon Jan 12 2015(Updated: )
It was reported [1] that mktexlsr script uses /tmp in an insecure way. Part of original report: ... This is how mktexlsr uses temporary files (with boring parts snipped): treefile="${TMPDIR-/tmp}/mktexlsrtrees$$.tmp" # ... while test $# -gt 0; do # ... (umask 077 if echo "$1" >>"$treefile"; then :; else echo "$progname: $treefile: could not append to arg file, goodbye." >&2 exit 1 fi # ... done This is insecure because the filename is predictable and, more importantly, the program doesn't fail atomically if the file already exists. ... Suggested patch is attached. [1]: <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139">https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Tug Texlive | =20100722 | |
Tug Texlive | =20110705 | |
Tug Texlive | =20120701 | |
Tug Texlive | =20130530 | |
Tug Texlive | =20140525 | |
ubuntu/texlive-bin | <2013.20130729.30972-2ubuntu0.1 | 2013.20130729.30972-2ubuntu0.1 |
ubuntu/texlive-bin | <2014.20140926.35254-5 | 2014.20140926.35254-5 |
debian/texlive-bin | 2020.20200327.54578-7+deb11u1 2022.20220321.62855-5.1+deb12u1 2024.20240313.70630+ds-4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-5700 is a vulnerability that allows local users to write to arbitrary files via a symlink attack in mktexlsr revision 22855 through revision 36625 as packaged in texlive.
The texlive package versions 2014.20140926.35254-5, 2013.20130729.30972-2ubuntu0.1, 20100722, 20110705, 20120701, 20130530, and 20140525 are affected by CVE-2015-5700.
This vulnerability can be exploited by local users who can create a symlink attack to write to arbitrary files.
The severity of CVE-2015-5700 is medium with a severity value of 6.1.
You can find more information about CVE-2015-5700 at the following references: [1] [2] [3].