CVE-2007-5936 - OpenCVE

dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Tetex	Tetex
Tug	Texlive 2007

Configuration 1 [-]

OR	cpe:2.3:a:tetex:tetex::::::::
	cpe:2.3:a:tug:texlive_2007::::::::

References

Link	Resource
http://bugs.gentoo.org/attachment.cgi?id=135423
http://bugs.gentoo.org/show_bug.cgi?id=198238
http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html
http://osvdb.org/42238
http://secunia.com/advisories/27672	Vendor Advisory
http://secunia.com/advisories/27686	Vendor Advisory
http://secunia.com/advisories/27718	Vendor Advisory
http://secunia.com/advisories/27743	Vendor Advisory
http://secunia.com/advisories/27967	Vendor Advisory
http://secunia.com/advisories/28107	Vendor Advisory
http://secunia.com/advisories/28412	Vendor Advisory
http://secunia.com/advisories/30168	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200711-26.xml
http://security.gentoo.org/glsa/glsa-200711-34.xml
http://security.gentoo.org/glsa/glsa-200805-13.xml
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266
http://www.mandriva.com/security/advisories?name=MDKSA-2007:230
http://www.securityfocus.com/archive/1/487984/100/0/threaded
http://www.securityfocus.com/bid/26469
http://www.securitytracker.com/id?1019058
http://www.vupen.com/english/advisories/2007/3896
https://bugzilla.redhat.com/show_bug.cgi?id=368611
https://issues.rpath.com/browse/RPL-1928
https://usn.ubuntu.com/554-1/
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-11-13T22:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-11-13T00:00:00

Link: CVE-2007-5936

JSON object: View

NVD Information

Status : Modified

Published: 2007-11-13T22:46:00.000

Modified: 2018-10-15T21:47:21.707

Link: CVE-2007-5936

JSON object: View

Redhat Information

No data.

CWE

CWE-264

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1928"}, {"name": "27672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27672"}, {"name": "27743", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27743"}, {"name": "SUSE-SR:2008:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "28412", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28412"}, {"name": "27686", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27686"}, {"name": "USN-554-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/554-1/"}, {"name": "42238", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42238"}, {"name": "26469", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26469"}, {"name": "GLSA-200805-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"name": "GLSA-200711-26", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"name": "30168", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30168"}, {"name": "ADV-2007-3896", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"name": "27718", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27718"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"name": "GLSA-200711-34", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"name": "27967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27967"}, {"name": "FEDORA-2007-3390", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"name": "1019058", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019058"}, {"name": "28107", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28107"}, {"name": "MDKSA-2007:230", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"name": "SUSE-SR:2008:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5936", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.gentoo.org/attachment.cgi?id=135423", "refsource": "MISC", "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"name": "https://issues.rpath.com/browse/RPL-1928", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1928"}, {"name": "27672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27672"}, {"name": "27743", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27743"}, {"name": "SUSE-SR:2008:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "28412", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28412"}, {"name": "27686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27686"}, {"name": "USN-554-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/554-1/"}, {"name": "42238", "refsource": "OSVDB", "url": "http://osvdb.org/42238"}, {"name": "26469", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26469"}, {"name": "GLSA-200805-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"name": "GLSA-200711-26", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=198238", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"name": "30168", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30168"}, {"name": "ADV-2007-3896", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"name": "27718", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27718"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=368611", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"name": "GLSA-200711-34", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"name": "27967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27967"}, {"name": "FEDORA-2007-3390", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"name": "1019058", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019058"}, {"name": "28107", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28107"}, {"name": "MDKSA-2007:230", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"name": "SUSE-SR:2008:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5936", "datePublished": "2007-11-13T22:00:00", "dateReserved": "2007-11-13T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}, {"lang": "es", "value": "dvips en teTex y TeXlive 2007 y anteriores permite a usuarios locales obtener informaci\u00f3n sensible y modificar ciertos datos a trav\u00e9s de la creaci\u00f3n de ciertos archivos temporales antes de que sean procesados por dviljk, lo cual permite que puedan ser leidos o modificados en el lugar."}], "id": "CVE-2007-5936", "lastModified": "2018-10-15T21:47:21.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-13T22:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42238"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27672"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27686"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27718"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27743"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27967"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28107"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28412"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30168"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26469"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019058"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1928"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/554-1/"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable.\n\nteTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future.", "lastModified": "2010-05-06T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}