PT-2005-1026 · Gnu+1 · Texinfo+1
Frank Lichtenheld
·
Published
2005-09-21
·
Updated
2018-10-19
·
CVE-2005-3011
CVSS v2.0
4.6
Medium
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
texinfo versions 4.8 and earlier
texinfo-4.7
texinfo-4.5
texinfo-4.0b
info-4.5
info-4.0b
info-4.7
Description
The issue concerns multiple vulnerabilities in the texinfo package that can be exploited by a local attacker, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the sort offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Recommendations
For texinfo versions 4.8 and earlier, consider updating to a version later than 4.8 to mitigate the risk.
For texinfo-4.7, update to a newer version to resolve the issue.
For texinfo-4.5, update to a newer version to resolve the issue.
For texinfo-4.0b, update to a newer version to resolve the issue.
For info-4.5, update to a newer version to resolve the issue.
For info-4.0b, update to a newer version to resolve the issue.
For info-4.7, update to a newer version to resolve the issue.
As a temporary workaround, consider restricting access to the vulnerable texindex function until a patch is available.
Exploit
Fix
Link Following
Weakness Enumeration
Related identifiers
Affected products
Red Hat
Texinfo