ID CVE-2007-0650
Summary Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.
References
Vulnerable Configurations
  • cpe:2.3:a:makeindex:makeindex:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:makeindex:makeindex:2.14:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 29-07-2017 - 01:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 23872
confirm
gentoo
  • GLSA-200709-17
  • GLSA-200711-34
  • GLSA-200805-13
mandriva MDKSA-2007:109
secunia
  • 26982
  • 30168
vupen ADV-2007-1706
xf tetex-makeindex-opensty-bo(32284)
statements via4
contributor Mark J Cox
lastmodified 2007-02-13
organization Red Hat
statement Red Hat does not consider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and the result would be the ability to run code as themselves.
Last major update 29-07-2017 - 01:30
Published 01-02-2007 - 19:28
Last modified 29-07-2017 - 01:30
Back to Top