PT-2012-3818 · Tex Users · Texlive-Extra-Utils

Helmut Grohne

Published

2012-05-18

Updated

2012-05-21

CVE-2012-2120

CVSS v2.0

3.3

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions texlive-extra-utils version 2011.20120322

Description The issue allows local users to overwrite arbitrary files via a symlink attack on a temporary file when latex2man is used with the H or T option.

Recommendations For texlive-extra-utils version 2011.20120322, consider avoiding the use of the H or T option with latex2man until a fix is available, or apply any available configuration changes that restrict access to temporary files to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2120

Affected Products

Texlive-Extra-Utils

PT-2012-3818 · Tex Users · Texlive-Extra-Utils

CVE-2012-2120

Weakness Enumeration

Related Identifiers

Affected Products

References · 11