Lucene search

K
cve[email protected]CVE-2015-5701
HistoryAug 25, 2017 - 6:29 p.m.

CVE-2015-5701

2017-08-2518:29:00
CWE-59
web.nvd.nist.gov
18
cve-2015-5701
texlive
symlink attack
security vulnerability

5.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:C/A:N

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of a fix of CVE-2015-5700.

Affected configurations

NVD
Node
tugtexliveMatch20100722
OR
tugtexliveMatch20110705
OR
tugtexliveMatch20120701
OR
tugtexliveMatch20130530
OR
tugtexliveMatch20140525

5.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:C/A:N

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%