Access Restriction Bypass Affecting texlive-bin package, versions <2007-13
Threat Intelligence
EPSS
0.04% (11th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIAN11-TEXLIVEBIN-522108
- published 13 Nov 2007
- disclosed 13 Nov 2007
Introduced: 13 Nov 2007
CVE-2007-5936 Open this link in a new tabHow to fix?
Upgrade Debian:11 texlive-bin to version 2007-13 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream texlive-bin package and not the texlive-bin package as distributed by Debian.
See How to fix? for Debian:11 relevant fixed versions and status.
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
References
- https://security-tracker.debian.org/tracker/CVE-2007-5936
- http://www.securityfocus.com/archive/1/487984/100/0/threaded
- http://bugs.gentoo.org/show_bug.cgi?id=198238
- https://issues.rpath.com/browse/RPL-1928
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
- https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html
- http://security.gentoo.org/glsa/glsa-200711-26.xml
- http://security.gentoo.org/glsa/glsa-200711-34.xml
- http://security.gentoo.org/glsa/glsa-200805-13.xml
- http://bugs.gentoo.org/attachment.cgi?id=135423
- http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
- http://osvdb.org/42238
- https://bugzilla.redhat.com/show_bug.cgi?id=368611
- http://secunia.com/advisories/27672
- http://secunia.com/advisories/27686
- http://secunia.com/advisories/27718
- http://secunia.com/advisories/27743
- http://secunia.com/advisories/27967
- http://secunia.com/advisories/28107
- http://secunia.com/advisories/28412
- http://secunia.com/advisories/30168
- http://www.securityfocus.com/bid/26469
- http://www.securitytracker.com/id?1019058
- http://www.ubuntulinux.org/support/documentation/usn/usn-554-1
- https://usn.ubuntu.com/554-1/
- http://www.vupen.com/english/advisories/2007/3896
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
CVSS Scores
version 3.1