ID CVE-2006-4810
Summary Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
References
Vulnerable Configurations
  • GNU texinfo 4.8
    cpe:2.3:a:gnu:texinfo:4.8
CVSS
Base: 4.6 (as of 09-11-2006 - 14:16)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-203.NASL
    description Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file. Updated packages have been patched to correct this issue.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 24588
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24588
    title Mandrake Linux Security Advisory : texinfo (MDKSA-2006:203)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-16 (Texinfo: Buffer overflow) Miloslav Trmac from Red Hat discovered a buffer overflow in the 'readline()' function of texindex.c. The 'readline()' function is called by the texi2dvi and texindex commands. Impact : By enticing a user to open a specially crafted Texinfo file, an attacker could execute arbitrary code with the rights of the user running Texinfo. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-11
    plugin id 23710
    published 2006-11-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23710
    title GLSA-200611-16 : Texinfo: Buffer overflow
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1219.NASL
    description Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output. - CVE-2005-3011 Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim. - CVE-2006-4810 A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim's access rights by inducing the victim to run texindex or texi2dvi on a specially crafted texinfo file.
    last seen 2019-01-16
    modified 2018-07-20
    plugin id 23742
    published 2006-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23742
    title Debian DSA-1219-1 : texinfo - buffer overflow
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-379-1.NASL
    description Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 27961
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27961
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : texinfo vulnerability (USN-379-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TEXINFO-2264.NASL
    description Specially crafted texinfo files could crash texinfo utilities. (CVE-2006-4810)
    last seen 2018-09-02
    modified 2018-07-19
    plugin id 27467
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27467
    title openSUSE 10 Security Update : texinfo (texinfo-2264)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_TEXINFO_20140512.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. (CVE-2006-4810)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80782
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80782
    title Oracle Solaris Third-Party Patch Update : texinfo (cve_2006_4810_buffer_overflow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_11299.NASL
    description Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. (CVE-2006-4810)
    last seen 2019-01-16
    modified 2012-04-23
    plugin id 41105
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41105
    title SuSE9 Security Update : texinfo (YOU Patch Number 11299)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2006-0727.NASL
    description New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810) A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011) Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-11-16
    plugin id 23678
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23678
    title RHEL 2.1 / 3 / 4 : texinfo (RHSA-2006:0727)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2006-0727.NASL
    description From Red Hat Security Advisory 2006:0727 : New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810) A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011) Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-07-18
    plugin id 67419
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67419
    title Oracle Linux 3 / 4 : texinfo (ELSA-2006-0727)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_TEXINFO-2263.NASL
    description Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. (CVE-2006-4810)
    last seen 2019-01-16
    modified 2012-05-17
    plugin id 29589
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29589
    title SuSE 10 Security Update : texinfo (ZYPP Patch Number 2263)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0727.NASL
    description New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810) A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011) Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 37714
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37714
    title CentOS 3 / 4 : texinfo (CESA-2006:0727)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2006-0727-1.NASL
    description New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810) A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011) Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 67037
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67037
    title CentOS 3 / 4 : texinfo (CESA-2006:0727-1)
oval via4
accepted 2013-04-29T04:09:45.798-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
family unix
id oval:org.mitre.oval:def:10893
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
version 22
redhat via4
advisories
bugzilla
id 211484
title CVE-2006-4810 texindex buffer overflow
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment info is earlier than 0:4.5-3.el3.1
          oval oval:com.redhat.rhsa:tst:20060727004
        • comment info is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060727005
      • AND
        • comment texinfo is earlier than 0:4.5-3.el3.1
          oval oval:com.redhat.rhsa:tst:20060727002
        • comment texinfo is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060727003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • OR
      • AND
        • comment info is earlier than 0:4.7-5.el4.2
          oval oval:com.redhat.rhsa:tst:20060727008
        • comment info is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060727005
      • AND
        • comment texinfo is earlier than 0:4.7-5.el4.2
          oval oval:com.redhat.rhsa:tst:20060727007
        • comment texinfo is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20060727003
rhsa
id RHSA-2006:0727
released 2006-11-08
severity Moderate
title RHSA-2006:0727: texinfo security update (Moderate)
rpms
  • info-0:4.5-3.el3.1
  • texinfo-0:4.5-3.el3.1
  • info-0:4.7-5.el4.2
  • texinfo-0:4.7-5.el4.2
refmap via4
bid 20959
bugtraq
  • 20061127 rPSA-2006-0219-1 info install-info texinfo
  • 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
confirm
debian DSA-1219
gentoo GLSA-200611-16
mandriva MDKSA-2006:203
misc http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17
openpkg OpenPKG-SA-2006.034
secunia
  • 22725
  • 22777
  • 22798
  • 22898
  • 22929
  • 22995
  • 23015
  • 23112
  • 23335
  • 24788
sgi 20061101-01-P
suse SUSE-SR:2006:028
trustix 2006-0063
ubuntu USN-379-1
vupen
  • ADV-2006-4412
  • ADV-2007-1267
xf texinfo-texindex-bo(30158)
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-03-2011 - 21:42
Published 08-11-2006 - 16:07
Last modified 17-10-2018 - 17:39