Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.

The remote Solaris system is missing necessary patches to address security updates :

  - Buffer overflow in the readline function in     util/texindex.c, as used by the (1) texi2dvi and (2)     texindex commands, in texinfo 4.8 and earlier allows     local users to execute arbitrary code via a crafted     Texinfo file. (CVE-2006-4810)

From Red Hat Security Advisory 2006:0727 :

New Texinfo packages that fix various security vulnerabilities are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Texinfo is a documentation system that can produce both online information and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

New Texinfo packages that fix various security vulnerabilities are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Texinfo is a documentation system that can produce both online information and printed output from a single source file.

A buffer overflow flaw was found in Texinfo's texindex command. An attacker could construct a carefully crafted Texinfo file that could cause texindex to crash or possibly execute arbitrary code when opened. (CVE-2006-4810)

A flaw was found in the way Texinfo's texindex command creates temporary files. A local user could leverage this flaw to overwrite files the user executing texindex has write access to. (CVE-2005-3011)

Users of Texinfo should upgrade to these updated packages which contain backported patches and are not vulnerable to these issues.

Specially crafted texinfo files could crash texinfo utilities like texi2dvi and potentially execute code. (CVE-2006-4810)

Miloslav Trmac discovered a buffer overflow in texinfo's index processor. If a user is tricked into processing a .texi file with texindex, this could lead to arbitrary code execution with user privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Specially crafted texinfo files could crash texinfo utilities.
(CVE-2006-4810)

Miloslav Trmac discovered a buffer overflow in texinfo. This issue can cause texi2dvi or texindex to crash when processing a carefully crafted file.

Updated packages have been patched to correct this issue.

Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output.

  - CVE-2005-3011     Handling of temporary files is performed in an insecure     manner, allowing an attacker to overwrite any file     writable by the victim.

  - CVE-2006-4810     A buffer overflow in util/texindex.c could allow an     attacker to execute arbitrary code with the victim's     access rights by inducing the victim to run texindex or     tex2dvi on a specially crafted texinfo file.

The remote host is affected by the vulnerability described in GLSA-200611-16 (Texinfo: Buffer overflow)

    Miloslav Trmac from Red Hat discovered a buffer overflow in the     'readline()' function of texindex.c. The 'readline()' function is     called by the texi2dvi and texindex commands.
  Impact :

    By enticing a user to open a specially crafted Texinfo file, an     attacker could execute arbitrary code with the rights of the user     running Texinfo.
  Workaround :

    There is no known workaround at this time.

ID	Name	Product	Family	Severity
80782	Oracle Solaris Third-Party Patch Update : texinfo (cve_2006_4810_buffer_overflow)	Nessus	Solaris Local Security Checks	medium
67419	Oracle Linux 3 / 4 : texinfo (ELSA-2006-0727)	Nessus	Oracle Linux Local Security Checks	medium
67037	CentOS 3 / 4 : texinfo (CESA-2006:0727-1)	Nessus	CentOS Local Security Checks	medium
41105	SuSE9 Security Update : texinfo (YOU Patch Number 11299)	Nessus	SuSE Local Security Checks	medium
37714	CentOS 3 / 4 : texinfo (CESA-2006:0727)	Nessus	CentOS Local Security Checks	medium
29589	SuSE 10 Security Update : texinfo (ZYPP Patch Number 2263)	Nessus	SuSE Local Security Checks	medium
27961	Ubuntu 5.10 / 6.06 LTS / 6.10 : texinfo vulnerability (USN-379-1)	Nessus	Ubuntu Local Security Checks	medium
27467	openSUSE 10 Security Update : texinfo (texinfo-2264)	Nessus	SuSE Local Security Checks	medium
24588	Mandrake Linux Security Advisory : texinfo (MDKSA-2006:203)	Nessus	Mandriva Local Security Checks	medium
23742	Debian DSA-1219-1 : texinfo - buffer overflow	Nessus	Debian Local Security Checks	medium
23710	GLSA-200611-16 : Texinfo: Buffer overflow	Nessus	Gentoo Local Security Checks	medium
23678	RHEL 2.1 / 3 / 4 : texinfo (RHSA-2006:0727)	Nessus	Red Hat Local Security Checks	medium

Detections

Analytics

CVE-2006-4810

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium