CVE-2015-5701

Summary

CVE	CVE-2015-5701
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-08-25 18:29:00 UTC
Updated	2017-09-12 15:37:00 UTC
Description	mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Risk And Classification

Problem Types: CWE-59

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Tug	Texlive	20100722	All	All	All
Application	Tug	Texlive	20110705	All	All	All
Application	Tug	Texlive	20120701	All	All	All
Application	Tug	Texlive	20130530	All	All	All
Application	Tug	Texlive	20140525	All	All	All
Application	Tug	Texlive	20100722	All	All	All
Application	Tug	Texlive	20110705	All	All	All
Application	Tug	Texlive	20120701	All	All	All
Application	Tug	Texlive	20130530	All	All	All
Application	Tug	Texlive	20140525	All	All	All

References

Reference	Source	Link	Tags
Bug 1181167 – CVE-2015-5700 CVE-2015-5701 texlive: insecure use of /tmp in mktexlsr	CONFIRM	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
[texlive] Log of /trunk/Build/source/texk/kpathsea/mktexlsr	CONFIRM	www.tug.org	Vendor Advisory
ViewVC Exception	CONFIRM	www.tug.org	Patch, Vendor Advisory
oss-security - Re: CVE request: mktexlsr/texlive: insecure use of /tmp	MLIST	www.openwall.com	Mailing List, Third Party Advisory
#775139 - mktexlsr: insecure use of /tmp - Debian Bug report logs	MISC	bugs.debian.org	Issue Tracking, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.