[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1400Date: (C)2011-03-25   (M)2023-12-22


The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-43816
SECUNIA-43973
BID-46986
ADV-2011-0731
ADV-2011-0861
DSA-2198
USN-1103-1
http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
texcommon-shellescapecommands-ce(66249)

CPE    3
cpe:/o:canonical:ubuntu_linux:10.10
cpe:/o:debian:debian_linux
cpe:/o:canonical:ubuntu_linux:10.04:-:lts
CWE    1
CWE-16
OVAL    2
oval:org.secpod.oval:def:700279
oval:org.secpod.oval:def:600216

© SecPod Technologies