CVE-2015-5701
NONE EPSS 33.7%
Published Aug 25, 20178y ago · Modified Jun 17, 20262w ago
Published Aug 25, 2017 8y ago
Last Modified Jun 17, 2026 2w ago
Description
mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.
Threat Intelligence
EPSS Exploit Probability
33.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-59
Affected Products 5
References 5
- openwall.com http://www.openwall.com/lists/oss-security/2015/07/30/6
- bugs.debian.org https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
- tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
- tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log
Remediation
- bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=1181167
- tug.org https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885