CVE-2013-1444 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 12%

Affected Products (NVD)

Vendor	Product	Version
debian	txt2man	1.5.5-2
debian	txt2man	1.5.5-4
marc_vertes	txt2man	1.5.5

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

txt2man

bookworm	1.7.1-4 fixed
bullseye	1.7.1-1+deb11u1 fixed
sid	1.7.1-4 fixed
squeeze	no-dsa
trixie	1.7.1-4 fixed
wheezy	no-dsa

Ubuntu Releases

Ubuntu Product

Codename

txt2man

lucid	ignored
precise	Fixed 1.5.5-4ubuntu0.12.04.1 released
quantal	Fixed 1.5.5-4ubuntu0.12.10.1 released
raring	Fixed 1.5.5-4ubuntu0.13.04.1 released

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724614

http://osvdb.org/97769

http://seclists.org/oss-sec/2013/q3/660

http://www.ubuntu.com/usn/USN-1979-1

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724614

http://osvdb.org/97769

http://seclists.org/oss-sec/2013/q3/660

http://www.ubuntu.com/usn/USN-1979-1