CVE-2015-5700

NONE EPSS 34.1%
Published Aug 25, 20178y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Aug 25, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack.

Threat Intelligence

EPSS Exploit Probability
34.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-59

Affected Products 5

VendorProductVersionRange
tugtexlive20100722any
tugtexlive20110705any
tugtexlive20120701any
tugtexlive20130530any
tugtexlive20140525any

References 6

  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/30/6
    Mailing ListThird Party Advisory
  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
    Issue TrackingThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
    Issue TrackingPatchThird Party Advisory
  • usn.ubuntu.com https://usn.ubuntu.com/3788-1/
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
    PatchVendor Advisory
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log
    Vendor Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
    Issue TrackingPatchThird Party Advisory
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
    PatchVendor Advisory