CVE-2006-4810

Severity

46%

Complexity

39%

Confidentiality

106%

Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.

Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-11-08 21:07:00

Last updated 6 years ago

2018-10-17 21:39:00

Affected Software

GNU texinfo

References

20061101-01-P

http://cvs.savannah.gnu.org/viewcvs/texinfo/texinfo/util/texindex.c?r1=1.16&r2=1.17

22725

Vendor Advisory

22777

Vendor Advisory

22798

Vendor Advisory

22898

22929

22995

23015

23112

23335

24788

GLSA-200611-16

DSA-1219

MDKSA-2006:203

SUSE-SR:2006:028

OpenPKG-SA-2006.034

RHSA-2006:0727

Patch

20061127 rPSA-2006-0219-1 info install-info texinfo

20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

20959

2006-0063

USN-379-1

http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html

http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html

ADV-2006-4412

ADV-2007-1267

texinfo-texindex-bo(30158)

https://issues.rpath.com/browse/RPL-810

oval:org.mitre.oval:def:10893

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.