CVE-2015-5700 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.1 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 40%

Debian Releases

Debian Product

Codename

texlive-bin

bullseye	2020.20200327.54578-7+deb11u1 fixed
wheezy	no-dsa
squeeze	no-dsa
bullseye (security)	2020.20200327.54578-7+deb11u2 fixed
bookworm	2022.20220321.62855-5.1+deb12u1 fixed
trixie	2024.20240313.70630+ds-4 fixed
sid	2024.20240313.70630+ds-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

texlive-bin

bionic	not-affected
artful	not-affected
zesty	not-affected
yakkety	not-affected
xenial	not-affected
wily	not-affected
vivid	not-affected
trusty	Fixed 2013.20130729.30972-2ubuntu0.1 released
precise	not-affected

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://www.openwall.com/lists/oss-security/2015/07/30/6

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139

https://bugzilla.redhat.com/show_bug.cgi?id=1181167

https://usn.ubuntu.com/3788-1/

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log

http://www.openwall.com/lists/oss-security/2015/07/30/6

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775139

https://bugzilla.redhat.com/show_bug.cgi?id=1181167

https://usn.ubuntu.com/3788-1/

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885

https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?view=log