CVE-2015-0296: Medium severity tex live vulnerability

Published Feb 27, 2015
·
Updated

A flaw was found in the pre-install script of texlive-base package derived from texlive package. This flaw allows unprivileged user to remove arbitrary files on the system.

~ rpm -qa texlive-base --scripts preinstall scriptlet (using /bin/sh): rm -rf /usr/share/texlive/texmf-var rm -rf /var/lib/texmf/

Following script in the preinstall scriplet allows attacker to remove arbitrary files on the systems for i in find /home//.texlive -type d -prune; do find $i -name .fmt -type f | xargs rm -f > /dev/null 2>&1 done ...

Attacker can create a malicious file in his $HOME directory that would trigger file removal and wait for the texlive-base package to be updated by administrator, as when package will be updated it would run preinstall scriplet which would then run malicious file in attacker $HOME directory as privileged user.

Reproducer and more information:

https://bugzilla.redhat.com/showbug.cgi?id=1099238

Other sources

The pre-install script in texlive 3.1.20140525r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory.

MITRE

Affected Software

4 affected components
Tug Texlive=6.20131226_r32488.fc20
Fedoraproject Fedora=20
Tug Texlive=3.1.20140525_r34255.fc21
Fedoraproject Fedora=21

Event History

Feb 27, 2015
Data Sourced
01:12 PM
DescriptionSeverityAffected Software
Oct 6, 2017
CVE Published
via MITRE·10:00 PM
Data Sourced
via MITRE·10:00 PM
Description
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2015-0296?

CVE-2015-0296 is a high severity vulnerability because it allows unprivileged users to remove arbitrary files on the system.

2

How do I fix CVE-2015-0296?

To fix CVE-2015-0296, upgrade the texlive-base package to a version that does not contain the flawed pre-install script.

3

What systems are affected by CVE-2015-0296?

CVE-2015-0296 affects the texlive-base package on Fedora versions 20 and 21.

4

What is the description of CVE-2015-0296?

CVE-2015-0296 describes a vulnerability in the pre-install script of the texlive-base package that allows unprivileged users to delete arbitrary system files.

5

Can CVE-2015-0296 be exploited remotely?

CVE-2015-0296 requires local access to the system to exploit, as it involves executing the flawed pre-install script.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203