PT-2017-6885 · Tex Live · Mktexlsr

Vasyl Kaigorodov

Published

2017-08-25

Updated

2017-09-12

CVE-2015-5701

CVSS v2.0

5.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:C/A:N

Name of the Vulnerable Software and Affected Versions mktexlsr versions as packaged in texlive before revision 36626 and after revision 36855

Description The issue allows local users to write to arbitrary files via a symlink attack. This problem exists due to the reversion of a previous fix.

Recommendations For versions as packaged in texlive before revision 36626 and after revision 36855, update to a version that includes the fix for this issue to prevent local users from writing to arbitrary files via a symlink attack.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2015-5701

Affected Products

Mktexlsr

PT-2017-6885 · Tex Live · Mktexlsr

CVE-2015-5701

Weakness Enumeration

Related Identifiers

Affected Products

References · 6