Vulnerability Name: CVE-2005-3011 (CCN-22277)

Assigned: 2000-02-09
Published: 2000-02-09
Updated: 2018-10-19
Summary: The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 1.2 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-59
Vulnerability Consequences: File Manipulation
References:

Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-06:01.texindex
Texindex temporary file privilege escalation

Source: FREEBSD
Type: UNKNOWN
FreeBSD-SA-06:01

Source: SGI
Type: UNKNOWN
20061101-01-P

Source: CCN
Type: BugTraq Mailing List, Wed Apr 04 2007 - 15:20:26 CDT
VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: CCN
Type: Debian Bug report logs #328365
temporary file race in texindex

Source: MISC
Type: Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365

Source: MITRE
Type: CNA
CVE-2005-3011

Source: CCN
Type: Apple Security Update 2007-005
About Security Update 2007-005

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=305530

Source: CCN
Type: Apple Web site
Apple security updates

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-05-24

Source: CCN
Type: Trustix Secure Linux Security Advisory #2005-0059
Multiple vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
TSLSA-2005-0059

Source: CCN
Type: RHSA-2006-0727
Moderate: texinfo security update

Source: CCN
Type: SA16816
GNU Texinfo Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
16816

Source: SECUNIA
Type: Vendor Advisory
17070

Source: SECUNIA
Type: Vendor Advisory
17076

Source: SECUNIA
Type: Vendor Advisory
17093

Source: SECUNIA
Type: Vendor Advisory
17211

Source: SECUNIA
Type: Vendor Advisory
17215

Source: SECUNIA
Type: Vendor Advisory
18401

Source: SECUNIA
Type: Vendor Advisory
22929

Source: SECUNIA
Type: Vendor Advisory
23112

Source: CCN
Type: SA24788
VMware ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24788

Source: SECUNIA
Type: Vendor Advisory
25402

Source: CCN
Type: SECTRACK ID: 1014992
Texinfo `texindex` Unsafe Temporary File May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1014992

Source: CCN
Type: SECTRACK ID: 1015468
FreeBSD texindex Unsafe Temporary Files May Let Local Users Gain Elevated Privileges

Source: SECTRACK
Type: UNKNOWN
1015468

Source: CCN
Type: ASA-2007-011
texinfo security update (RHSA-2006-0727)

Source: DEBIAN
Type: UNKNOWN
DSA-1219

Source: DEBIAN
Type: DSA-1219
texinfo -- buffer overflow

Source: CCN
Type: GLSA-200510-04
Texinfo: Insecure temporary file creation

Source: GENTOO
Type: UNKNOWN
GLSA-200510-04

Source: CCN
Type: Texinfo Web page
Texinfo - The GNU Documentation System

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2005:175

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:023

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0727

Source: BUGTRAQ
Type: UNKNOWN
20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: BID
Type: UNKNOWN
14854

Source: CCN
Type: BID-14854
GNU Texinfo Insecure Temporary File Creation Vulnerability

Source: CCN
Type: USN-194-1
texinfo vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-194-1

Source: CCN
Type: USN-194-2
texinfo regression bug fix

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1267

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1939

Source: XF
Type: UNKNOWN
texinfo-sortoffline-symlink(22277)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10589

Source: SUSE
Type: SUSE-SR:2005:023
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:gnu:texinfo:*:*:*:*:*:*:*:* (Version <= 4.8)

Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID: oval:org.opensuse.security:def:20053011
Class: V
Title: CVE-2005-3011
Last Modified: 2015-11-16

Definition ID: oval:org.mitre.oval:def:10589
Class: V
Title: The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Last Modified: 2013-04-29

Definition ID: oval:org.debian:def:1219
Class: V
Title: buffer overflow
Last Modified: 2006-11-27

Definition ID: oval:com.redhat.rhsa:def:20060727
Class: P
Title: RHSA-2006:0727: texinfo security update (Moderate)
Last Modified: 2006-11-08

    gnu texinfo *