Bug#668779: /usr/bin/latex2man: latex2man: predictable /tmp filenames

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#668779: /usr/bin/latex2man: latex2man: predictable /tmp filenames
From: Helmut Grohne <helmut@subdivi.de>
Date: Sat, 14 Apr 2012 12:53:13 +0200
Message-id: <[🔎] 20120414105312.GA27733@alf.mars>
Reply-to: Helmut Grohne <helmut@subdivi.de>, 668779@bugs.debian.org

Package: texlive-extra-utils
Version: 2011.20120322-1
Severity: important
File: /usr/bin/latex2man
Tags: security

The latex2man utility generates predictable filenames in /tmp:

| $tmp = "/tmp/$CMD.$$";

For the issue to be exploitable the program must be invoked with either
the -H or the -T option. An attacker can use a symbolic link to redirect
the writes to an arbitrary file owned by the invoking user.

Helmut

Reply to:

Prev by Date: Bug#668762: tex-common 3.8 fails to install
Next by Date: Re: packages creating TEXMFLOCAL/ls-R
Previous by thread: Bug#668762: marked as done (needs break/conflict with jadetex before 3.13-13)
Next by thread: SVN tex-common commit: r5388 - tex-common/trunk/debian
Index(es):
- Date
- Thread