{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-11-06T00:00:00", "descriptions": [{"lang": "en", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1928"}, {"name": "27672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27672"}, {"name": "27743", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27743"}, {"name": "SUSE-SR:2008:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "28412", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28412"}, {"name": "27686", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27686"}, {"name": "USN-554-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/554-1/"}, {"name": "42238", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/42238"}, {"name": "26469", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26469"}, {"name": "GLSA-200805-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"name": "GLSA-200711-26", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"name": "30168", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30168"}, {"name": "ADV-2007-3896", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"name": "27718", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27718"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"name": "GLSA-200711-34", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"name": "27967", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27967"}, {"name": "FEDORA-2007-3390", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"name": "1019058", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019058"}, {"name": "28107", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28107"}, {"name": "MDKSA-2007:230", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"name": "SUSE-SR:2008:001", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5936", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://bugs.gentoo.org/attachment.cgi?id=135423", "refsource": "MISC", "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"name": "https://issues.rpath.com/browse/RPL-1928", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1928"}, {"name": "27672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27672"}, {"name": "27743", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27743"}, {"name": "SUSE-SR:2008:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "28412", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28412"}, {"name": "27686", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27686"}, {"name": "USN-554-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/554-1/"}, {"name": "42238", "refsource": "OSVDB", "url": "http://osvdb.org/42238"}, {"name": "26469", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26469"}, {"name": "GLSA-200805-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"name": "GLSA-200711-26", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=198238", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"name": "30168", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30168"}, {"name": "ADV-2007-3896", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"name": "27718", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27718"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=368611", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"name": "GLSA-200711-34", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"name": "27967", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27967"}, {"name": "FEDORA-2007-3390", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"name": "1019058", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019058"}, {"name": "28107", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28107"}, {"name": "MDKSA-2007:230", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"name": "SUSE-SR:2008:001", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:47:00.575Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1928"}, {"name": "27672", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27672"}, {"name": "27743", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27743"}, {"name": "SUSE-SR:2008:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"name": "28412", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28412"}, {"name": "27686", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27686"}, {"name": "USN-554-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/554-1/"}, {"name": "42238", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/42238"}, {"name": "26469", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26469"}, {"name": "GLSA-200805-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"name": "GLSA-200711-26", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"name": "30168", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30168"}, {"name": "ADV-2007-3896", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"name": "27718", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27718"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"name": "GLSA-200711-34", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"name": "27967", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27967"}, {"name": "FEDORA-2007-3390", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"name": "1019058", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019058"}, {"name": "28107", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28107"}, {"name": "MDKSA-2007:230", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"name": "20080212 FLEA-2008-0006-1 tetex tetex-dvips tetex-fonts", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"name": "SUSE-SR:2008:001", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5936", "datePublished": "2007-11-13T22:00:00", "dateReserved": "2007-11-13T00:00:00", "dateUpdated": "2024-08-07T15:47:00.575Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tetex:tetex:*:*:*:*:*:*:*:*", "matchCriteriaId": "87CCAA71-B817-48A0-81C0-9E4DC4953C9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:tug:texlive_2007:*:*:*:*:*:*:*:*", "matchCriteriaId": "B01AD712-1D5C-49B6-AF51-4A4A2BA3FD83", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."}, {"lang": "es", "value": "dvips en teTex y TeXlive 2007 y anteriores permite a usuarios locales obtener informaci\u00f3n sensible y modificar ciertos datos a trav\u00e9s de la creaci\u00f3n de ciertos archivos temporales antes de que sean procesados por dviljk, lo cual permite que puedan ser leidos o modificados en el lugar."}], "id": "CVE-2007-5936", "lastModified": "2018-10-15T21:47:21.707", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-11-13T22:46:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/attachment.cgi?id=135423"}, {"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=198238"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/42238"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27672"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27686"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27718"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27743"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/27967"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28107"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/28412"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30168"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200711-26.xml"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200711-34.xml"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200805-13.xml"}, {"source": "cve@mitre.org", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0266"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:230"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487984/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26469"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019058"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3896"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, {"source": "cve@mitre.org", "url": "https://issues.rpath.com/browse/RPL-1928"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/554-1/"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00663.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable.\n\nteTeX is packaged without the dviljk binary in Red Hat Enterprise Linux, making it impossible to exploit this flaw. We are however including this fix in RHSA-2010:0399, RHSA-2010:0400, and RHSA-2010:0401 in the event the binary is shipped in the future.", "lastModified": "2010-05-06T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "dviljk uses insecure temporary file", "id": "368611", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=368611"}, "csaw": false, "cwe": "CWE-377", "details": ["dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place."], "name": "CVE-2007-5936", "public_date": "2007-11-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-5936\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-5936"], "statement": "Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary.", "threat_severity": "Low", "upstream_fix": "3.0 40.3.fc7"}