Executive Summary
| Summary | |
|---|---|
| Title | New texinfo packages fix multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-1219 | First vendor Publication | 2006-11-27 |
| Vendor | Debian | Last vendor Modification | 2006-11-27 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output. CVE-2005-3011 Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim. CVE-2006-4810 A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim's access rights by inducing the victim to run texindex or tex2dvi on a specially crafted texinfo file. For the stable distribution (sarge), these problems have been fixed in version 4.7-2.2sarge2 Note that binary packages for the mipsel architecture are not currently available due to technical problems with the build host. These packages will be made available as soon as possible. For unstable (sid) and the upcoming stable release (etch), these problems have been fixed in version 4.8.dfsg.1-4 We recommend that you upgrade your texinfo package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1219 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10589 | |||
| Oval ID: | oval:org.mitre.oval:def:10589 | ||
| Title: | The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||
| Description: | The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-3011 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10893 | |||
| Oval ID: | oval:org.mitre.oval:def:10893 | ||
| Title: | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||
| Description: | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2006-4810 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2009-10-10 | Name : SLES9: Security update for texinfo File : nvt/sles9p5014518.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200510-04 (Texinfo) File : nvt/glsa_200510_04.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200611-16 (texinfo) File : nvt/glsa_200611_16.nasl |
| 2008-09-04 | Name : FreeBSD Security Advisory (FreeBSD-SA-06:01.texindex.asc) File : nvt/freebsdsa_texindex.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1219-1 (texinfo) File : nvt/deb_1219_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 30246 | texinfo texindex Crafted Texinfo File Local Code Execution |
| 30245 | texinfo texi2dvi Crafted Texinfo File Local Code Execution |
| 19409 | GNU Texinfo textindex.c Symlink Arbitrary File Overwrite |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-01-19 | Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_texinfo_20140512.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2006-0727.nasl - Type : ACT_GATHER_INFO |
| 2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0727-1.nasl - Type : ACT_GATHER_INFO |
| 2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11299.nasl - Type : ACT_GATHER_INFO |
| 2009-04-23 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0727.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_texinfo-2263.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-379-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_texinfo-2264.nasl - Type : ACT_GATHER_INFO |
| 2007-05-25 | Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2007-005.nasl - Type : ACT_GATHER_INFO |
| 2007-02-18 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2006-203.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1202.nasl - Type : ACT_GATHER_INFO |
| 2007-01-17 | Name : The remote Fedora Core host is missing a security update. File : fedora_2006-1203.nasl - Type : ACT_GATHER_INFO |
| 2006-11-30 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1219.nasl - Type : ACT_GATHER_INFO |
| 2006-11-22 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200611-16.nasl - Type : ACT_GATHER_INFO |
| 2006-11-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0727.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-194-1.nasl - Type : ACT_GATHER_INFO |
| 2005-10-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-991.nasl - Type : ACT_GATHER_INFO |
| 2005-10-19 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-990.nasl - Type : ACT_GATHER_INFO |
| 2005-10-11 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200510-04.nasl - Type : ACT_GATHER_INFO |
| 2005-10-11 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-175.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:26:21 |
|
