CVE-2015-5701

Published: Aug 25, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20150730 Re: CVE request: mktexlsr/texlive: insecure use of /tmp

mailing-list

x_refsource_MLIST

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139

x_refsource_MISC

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log

x_refsource_CONFIRM

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1181167

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-5701

Description

Affected Products

References