CVE-2015-5701

NONE EPSS 33.7%
Published Aug 25, 20178y ago · Modified Jun 17, 20262w ago
Find Similar
Published Aug 25, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Threat Intelligence

EPSS Exploit Probability
33.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-59

Affected Products 5

VendorProductVersionRange
tugtexlive20100722any
tugtexlive20110705any
tugtexlive20120701any
tugtexlive20130530any
tugtexlive20140525any

References 5

  • openwall.com http://www.openwall.com/lists/oss-security/2015/07/30/6
    Mailing ListThird Party Advisory
  • bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
    Issue TrackingThird Party Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
    Issue TrackingPatchThird Party Advisory
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
    PatchVendor Advisory
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log
    Vendor Advisory

Remediation

  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
    Issue TrackingPatchThird Party Advisory
  • tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
    PatchVendor Advisory