CVE-2005-3011

{"id": "CVE-2005-3011", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 1.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-09-21T20:03:00.000", "references": [{"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc", "source": "cve@mitre.org"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P", "source": "cve@mitre.org"}, {"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=305530", "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/May/msg00004.html", "source": "cve@mitre.org"}, {"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/16816", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17070", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17076", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17093", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17211", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/17215", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/18401", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/22929", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23112", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/24788", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25402", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1014992", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015468", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2006/dsa-1219", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml", "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:175", "source": "cve@mitre.org"}, {"url": "http://www.novell.com/linux/security/advisories/2005_23_sr.html", "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0727.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/14854", "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-194-1", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1267", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1939", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-59"}]}], "descriptions": [{"lang": "en", "value": "The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files."}], "lastModified": "2018-10-19T15:34:24.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:texinfo:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CB7D599-0C64-422A-AE4A-3E8762C7CE46", "versionEndIncluding": "4.8"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Updated packages to correct this issue are available along with our advisory:\nhttp://rhn.redhat.com/errata/CVE-2005-3011.html\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.", "lastModified": "2007-03-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}