Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1400

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-1400
Last Modified 07 Sep 2011 12:00:00
Published 25 Mar 2011 03:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1400

Summary

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Vulnerable Systems

Operating System

  • Canonical Ubuntu Linux 10.04

  • Canonical Ubuntu Linux 10.10

  • Debian Linux

Application

  • Debian Tex-common 0.1

  • Debian Tex-common 0.10

  • Debian Tex-common 0.11

  • Debian Tex-common 0.12

  • Debian Tex-common 0.13

  • Debian Tex-common 0.14

  • Debian Tex-common 0.15

  • Debian Tex-common 0.16

  • Debian Tex-common 0.17

  • Debian Tex-common 0.18

  • Debian Tex-common 0.19

  • Debian Tex-common 0.2

  • Debian Tex-common 0.20

  • Debian Tex-common 0.21

  • Debian Tex-common 0.22

  • Debian Tex-common 0.23

  • Debian Tex-common 0.24

  • Debian Tex-common 0.25

  • Debian Tex-common 0.26

  • Debian Tex-common 0.27

  • Debian Tex-common 0.28

  • Debian Tex-common 0.29

  • Debian Tex-common 0.3

  • Debian Tex-common 0.30

  • Debian Tex-common 0.31

  • Debian Tex-common 0.32

  • Debian Tex-common 0.33

  • Debian Tex-common 0.34

  • Debian Tex-common 0.35

  • Debian Tex-common 0.36

  • Debian Tex-common 0.37

  • Debian Tex-common 0.38

  • Debian Tex-common 0.39

  • Debian Tex-common 0.4

  • Debian Tex-common 0.40

  • Debian Tex-common 0.41

  • Debian Tex-common 0.42

  • Debian Tex-common 0.43

  • Debian Tex-common 0.44

  • Debian Tex-common 0.5

  • Debian Tex-common 0.6

  • Debian Tex-common 0.7

  • Debian Tex-common 0.8

  • Debian Tex-common 0.9

  • Debian Tex-common 1.0

  • Debian Tex-common 1.1

  • Debian Tex-common 1.10

  • Debian Tex-common 1.11

  • Debian Tex-common 1.11.1

  • Debian Tex-common 1.11.2

  • Debian Tex-common 1.11.3

  • Debian Tex-common 1.12

  • Debian Tex-common 1.13

  • Debian Tex-common 1.14

  • Debian Tex-common 1.15

  • Debian Tex-common 1.16

  • Debian Tex-common 1.17

  • Debian Tex-common 1.18

  • Debian Tex-common 1.19

  • Debian Tex-common 1.2

  • Debian Tex-common 1.20

  • Debian Tex-common 1.3

  • Debian Tex-common 1.4

  • Debian Tex-common 1.5

  • Debian Tex-common 1.6

  • Debian Tex-common 1.7

  • Debian Tex-common 1.8

  • Debian Tex-common 1.9

  • Debian Tex-common 2.00

  • Debian Tex-common 2.01

  • Debian Tex-common 2.02

  • Debian Tex-common 2.03

  • Debian Tex-common 2.04

  • Debian Tex-common 2.05

  • Debian Tex-common 2.06

  • Debian Tex-common 2.07

  • Debian Tex-common 2.08


References

XF - texcommon-shellescapecommands-ce(66249)

VUPEN - ADV-2011-0861

VUPEN - ADV-2011-0731

UBUNTU - USN-1103-1

BID - 46986

DEBIAN - DSA-2198

CONFIRM - http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log

CONFIRM - http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812

SECUNIA - 43973

SECUNIA - 43816


Last Updated: 27 May 2016 10:56:18