CVE-2011-1400

Severity

68%

Complexity

86%

Confidentiality

106%

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 13 years ago

2011-03-25 19:55:00

Last updated 6 years ago

2018-08-13 21:47:00

Affected Software

Canonical Ubuntu Linux 10.04 LTS

10.04

Canonical Ubuntu Linux 10.10

10.10

Debian Linux

References

43816

Vendor Advisory

43973

Vendor Advisory

http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812

http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log

DSA-2198

46986

USN-1103-1

ADV-2011-0731

Vendor Advisory

ADV-2011-0861

Vendor Advisory

texcommon-shellescapecommands-ce(66249)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.