// For flags

CVE-2005-3011

 

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Local
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2005-09-21 CVE Reserved
  • 2005-09-21 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (34)
URL Tag Source
http://docs.info.apple.com/article.html?artnum=305530 X_refsource_confirm
http://securitytracker.com/id?1014992 Vdb Entry
http://securitytracker.com/id?1015468 Vdb Entry
http://www.securityfocus.com/archive/1/464745/100/0/threaded Mailing List
http://www.securityfocus.com/bid/14854 Vdb Entry
http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html X_refsource_confirm
http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10589 Signature
URL Date SRC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328365 2024-08-07
URL Date SRC
URL Date SRC
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc 2018-10-19
ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P 2018-10-19
http://lists.apple.com/archives/security-announce/2007/May/msg00004.html 2018-10-19
http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html 2018-10-19
http://secunia.com/advisories/16816 2018-10-19
http://secunia.com/advisories/17070 2018-10-19
http://secunia.com/advisories/17076 2018-10-19
http://secunia.com/advisories/17093 2018-10-19
http://secunia.com/advisories/17211 2018-10-19
http://secunia.com/advisories/17215 2018-10-19
http://secunia.com/advisories/18401 2018-10-19
http://secunia.com/advisories/22929 2018-10-19
http://secunia.com/advisories/23112 2018-10-19
http://secunia.com/advisories/24788 2018-10-19
http://secunia.com/advisories/25402 2018-10-19
http://www.debian.org/security/2006/dsa-1219 2018-10-19
http://www.gentoo.org/security/en/glsa/glsa-200510-04.xml 2018-10-19
http://www.mandriva.com/security/advisories?name=MDKSA-2005:175 2018-10-19
http://www.novell.com/linux/security/advisories/2005_23_sr.html 2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0727.html 2018-10-19
http://www.ubuntu.com/usn/usn-194-1 2018-10-19
http://www.vupen.com/english/advisories/2007/1267 2018-10-19
http://www.vupen.com/english/advisories/2007/1939 2018-10-19
https://access.redhat.com/security/cve/CVE-2005-3011 2006-11-08
https://bugzilla.redhat.com/show_bug.cgi?id=1617775 2006-11-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
 Texinfo
Search vendor "Gnu" for product "Texinfo"
 <= 4.8
Search vendor "Gnu" for product "Texinfo" and version " <= 4.8"
-
Affected