Debian DSA-1219-1 : texinfo - buffer overflow

Medium Nessus Plugin ID 23742


The remote Debian host is missing a security-related update.


Multiple vulnerabilities have been found in the GNU texinfo package, a documentation system for on-line information and printed output.

- CVE-2005-3011 Handling of temporary files is performed in an insecure manner, allowing an attacker to overwrite any file writable by the victim.

- CVE-2006-4810 A buffer overflow in util/texindex.c could allow an attacker to execute arbitrary code with the victim's access rights by inducing the victim to run texindex or tex2dvi on a specially crafted texinfo file.


Upgrade the texinfo package.

For the stable distribution (sarge), these problems have been fixed in version 4.7-2.2sarge2. Note that binary packages for the mipsel architecture are not currently available due to technical problems with the build host. These packages will be made available as soon as possible.

For unstable (sid) and the upcoming stable release (etch), these problems have been fixed in version 4.8.dfsg.1-4.

See Also

Plugin Details

Severity: Medium

ID: 23742

File Name: debian_DSA-1219.nasl

Version: 1.16

Type: local

Agent: unix

Published: 2006/11/30

Updated: 2019/08/02

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:texinfo, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2006/11/27

Vulnerability Publication Date: 2005/09/14

Reference Information

CVE: CVE-2005-3011, CVE-2006-4810

BID: 14854, 20959

DSA: 1219