CVE-2012-2120 : latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T optio

latex2man in texlive-extra-utils 2011.20120322, and possibly other versions or packages, when used with the H or T option, allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published 2012-05-18 22:55:03

Updated 2012-05-21 16:24:57

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2012-2120

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-2120

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.3	LOW	AV:L/AC:M/Au:N/C:N/I:P/A:P	3.4	4.9	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2012-2120

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-2120

http://www.openwall.com/lists/oss-security/2012/04/19/15

oss-security - Re: CVE request: latex2man / texlive
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668779

#668779 - /usr/bin/latex2man: latex2man: predictable /tmp filenames - Debian Bug report logs
http://www.openwall.com/lists/oss-security/2012/04/19/12

oss-security - CVE request: latex2man / texlive

Products affected by CVE-2012-2120

Debian » Texlive-extra-utils » Version: 2011.20120322
cpe:2.3:a:debian:texlive-extra-utils:2011.20120322:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2012-2120

Exploit prediction scoring system (EPSS) score for CVE-2012-2120

CVSS scores for CVE-2012-2120

CWE ids for CVE-2012-2120

References for CVE-2012-2120

Products affected by CVE-2012-2120