CVE-2006-4810 - Buffer Overflow vulnerability in GNU Texinfo 4.8
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0727.NASL |
description | New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 37714 |
published | 2009-04-23 |
reporter | This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/37714 |
title | CentOS 3 / 4 : texinfo (CESA-2006:0727) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0727 and
# CentOS Errata and Security Advisory 2006:0727 respectively.
#

include("compat.inc");

if (description)
{
  script_id(37714);
  script_version("1.13");
  script_cvs_date("Date: 2019/10/25 13:36:03");

  script_cve_id("CVE-2005-3011", "CVE-2006-4810");
  script_bugtraq_id(14854, 20959);
  script_xref(name:"RHSA", value:"2006:0727");

  script_name(english:"CentOS 3 / 4 : texinfo (CESA-2006:0727)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote CentOS host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"New Texinfo packages that fix various security vulnerabilities are now
available.

This update has been rated as having moderate security impact by the
Red Hat Security Response Team.

Texinfo is a documentation system that can produce both online
information and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An
attacker could construct a carefully crafted Texinfo file that could
cause texindex to crash or possibly execute arbitrary code when
opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates
temporary files. A local user could leverage this flaw to overwrite
files the user executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which
contain backported patches and are not vulnerable to these issues."
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013356.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?f91cdb2f"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013372.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?44952730"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013373.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?cec4dedf"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013385.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?db022d1e"
  );
  # https://lists.centos.org/pipermail/centos-announce/2006-November/013386.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?8813b5bb"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected texinfo packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:info");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:texinfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/21");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"CentOS Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver);

if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);

flag = 0;
if (rpm_check(release:"CentOS-3", reference:"info-4.5-3.el3.1")) flag++;
if (rpm_check(release:"CentOS-3", reference:"texinfo-4.5-3.el3.1")) flag++;

if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"info-4.7-5.el4.2")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"info-4.7-5.el4.2")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"i386", reference:"texinfo-4.7-5.el4.2")) flag++;
if (rpm_check(release:"CentOS-4", cpu:"x86_64", reference:"texinfo-4.7-5.el4.2")) flag++;

if (flag)
{
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "info / texinfo");
}
```

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1202.NASL |
description | - Sun Nov 5 2006 Miloslav Trmac <mitr at redhat.com> - 4.8-9.2.fc5.2 - Remove off-line sorting from texindex (fixes CVE-2006-4810) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24048 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24048 |
title | Fedora Core 5 : texinfo-4.8-9.2.fc5.2 (2006-1202) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2006-1203.NASL |
description | - Sun Nov 5 2006 Miloslav Trmac <mitr at redhat.com> - 4.8-14 - Remove off-line sorting from texindex (fixes CVE-2006-4810) - Mon Oct 9 2006 Miloslav Trmac <mitr at redhat.com> - 4.8-13 - Don |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24049 |
published | 2007-01-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24049 |
title | Fedora Core 6 : texinfo-4.8-14.fc6 (2006-1203) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2006-203.NASL |
description | Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file. Updated packages have been patched to correct this issue. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 24588 |
published | 2007-02-18 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/24588 |
title | Mandrake Linux Security Advisory : texinfo (MDKSA-2006:203) |

NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200611-16.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200611-16 (Texinfo: Buffer overflow) Miloslav Trmac from Red Hat discovered a buffer overflow in the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23710 |
published | 2006-11-22 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23710 |
title | GLSA-200611-16 : Texinfo: Buffer overflow |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2006-0727.NASL |
description | From Red Hat Security Advisory 2006:0727 : New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67419 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67419 |
title | Oracle Linux 3 / 4 : texinfo (ELSA-2006-0727) |

NASL family | CentOS Local Security Checks |
NASL id | CENTOS_RHSA-2006-0727-1.NASL |
description | New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 67037 |
published | 2013-06-29 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/67037 |
title | CentOS 3 / 4 : texinfo (CESA-2006:0727-1) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE9_11299.NASL |
description | Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. (CVE-2006-4810) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 41105 |
published | 2009-09-24 |
reporter | This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/41105 |
title | SuSE9 Security Update : texinfo (YOU Patch Number 11299) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-379-1.NASL |
description | Miloslav Trmac discovered a buffer overflow in texinfo |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27961 |
published | 2007-11-10 |
reporter | Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/27961 |
title | Ubuntu 5.10 / 6.06 LTS / 6.10 : texinfo vulnerability (USN-379-1) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_TEXINFO_20140512.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. (CVE-2006-4810) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80782 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80782 |
title | Oracle Solaris Third-Party Patch Update : texinfo (cve_2006_4810_buffer_overflow) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_TEXINFO-2264.NASL |
description | Specially crafted texinfo files could crash texinfo utilities. (CVE-2006-4810) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 27467 |
published | 2007-10-17 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/27467 |
title | openSUSE 10 Security Update : texinfo (texinfo-2264) |

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2006-0727.NASL |
description | New Texinfo packages that fix various security vulnerabilities are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Texinfo is a documentation system that can produce both online information and printed output from a single source file. A buffer overflow flaw was found in Texinfo |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23678 |
published | 2006-11-20 |
reporter | This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/23678 |
title | RHEL 2.1 / 3 / 4 : texinfo (RHSA-2006:0727) |

NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1219.NASL |
description | Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output. - CVE-2005-3011 Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim. - CVE-2006-4810 A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 23742 |
published | 2006-11-30 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/23742 |
title | Debian DSA-1219-1 : texinfo - buffer overflow |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_TEXINFO-2263.NASL |
description | Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. (CVE-2006-4810) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29589 |
published | 2007-12-13 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29589 |
title | SuSE 10 Security Update : texinfo (ZYPP Patch Number 2263) |
Oval
accepted | 2013-04-29T04:09:45.798-04:00 |
class | vulnerability |
contributors |
definition_extensions |
description | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. |
family | unix |
id | oval:org.mitre.oval:def:10893 |
status | accepted |
submitted | 2010-07-09T03:56:16-04:00 |
title | Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file. |
version | 25 |
Redhat
advisories |
rpms |
Statements
contributor | Mark J Cox |
lastmodified | 2007-03-14 |
organization | Red Hat |
statement | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
References
- ftp://patches.sgi.com/support/free/security/advisories/20061101-01-P
- http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17
- http://secunia.com/advisories/22725
- http://secunia.com/advisories/22777
- http://secunia.com/advisories/22798
- http://secunia.com/advisories/22898
- http://secunia.com/advisories/22929
- http://secunia.com/advisories/22995
- http://secunia.com/advisories/23015
- http://secunia.com/advisories/23112
- http://secunia.com/advisories/23335
- http://secunia.com/advisories/24788
- http://security.gentoo.org/glsa/glsa-200611-16.xml
- http://www.debian.org/security/2006/dsa-1219
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:203
- http://www.novell.com/linux/security/advisories/2006_28_sr.html
- http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.034-texinfo.html
- http://www.redhat.com/support/errata/RHSA-2006-0727.html
- http://www.securityfocus.com/archive/1/452723/100/0/threaded
- http://www.securityfocus.com/archive/1/464745/100/0/threaded
- http://www.securityfocus.com/bid/20959
- http://www.trustix.org/errata/2006/0063/
- http://www.ubuntu.com/usn/usn-379-1
- http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
- http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
- http://www.vupen.com/english/advisories/2006/4412
- http://www.vupen.com/english/advisories/2007/1267
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30158
- https://issues.rpath.com/browse/RPL-810
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10893