CVE-2007-5936
Summary
| CVE | CVE-2007-5936 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-11-13 22:46:00 UTC |
| Updated | 2018-10-15 21:47:00 UTC |
| Description | dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:011 | SUSE | lists.opensuse.org | |
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:001 | SUSE | lists.opensuse.org | |
| 42238 | OSVDB | osvdb.org | |
| USN-554-1: teTeX and TeX Live vulnerabilities \| Ubuntu security notices | UBUNTU | usn.ubuntu.com | |
| Bug 368611 – CVE-2007-5936 dviljk uses insecure temporary file | CONFIRM | bugzilla.redhat.com | |
| Ubuntu update for tetex-bin and texlive-bin - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Support / Security / Advisories / / MDKSA-2007:230 \| Mandriva | MANDRIVA | www.mandriva.com | |
| PTeX: Multiple vulnerabilities — Gentoo Linux Documentation | GENTOO | security.gentoo.org | |
| Gentoo Linux Documentation -- CSTeX: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| Gentoo update for ptex - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| bugs.gentoo.org/attachment.cgi | MISC | bugs.gentoo.org | |
| [SECURITY] Fedora 7 Update: tetex-3.0-40.3.fc7 | FEDORA | www.redhat.com | |
| SUSE Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| Fedora update for tetex - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| rPath update for tetex - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Gentoo Linux Documentation -- teTeX: Multiple vulnerabilities | GENTOO | security.gentoo.org | |
| Gentoo update for tetex - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Advisories:rPSA-2007-0266 - rPath Wiki | CONFIRM | wiki.rpath.com | |
| Mandriva update for tetex - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| teTeX Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| teTeX Buffer Overflows Let Remote Users Execute Arbitrary Code and Unsafe Temporary Files Let Local Users Overwrite Files - SecurityTracker | SECTRACK | www.securitytracker.com | |
| teTeX DVI File Parsing Multiple Vulnerabilities | BID | www.securityfocus.com | |
| Gentoo Bug 198238 - app-text/tetex < 3.0_p1-r6 Multiple issues in dviljk and dvips (CVE-2007-{5935,5936,5937}) | CONFIRM | bugs.gentoo.org | |
| issues.rpath.com/browse/RPL-1928 | CONFIRM | issues.rpath.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2010-05-06 | Mark J Cox | Not vulnerable. teTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future. |
There are currently no legacy QID mappings associated with this CVE.