The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Debian
  • Tex-common
  • Debian Linux
Canonical
  • Ubuntu Linux

Configuration 1 [-]

OR cpe:2.3:a:debian:tex-common:0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.24:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.25:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.26:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.27:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.28:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.29:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.30:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.31:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.32:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.33:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.34:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.35:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.36:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.37:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.38:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.39:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.40:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.41:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.42:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.43:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.44:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.00:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.01:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.02:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.03:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.04:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.05:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.06:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.07:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.08:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
References
Link Resource
http://secunia.com/advisories/43816 Vendor Advisory
http://secunia.com/advisories/43973 Vendor Advisory
http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
http://www.debian.org/security/2011/dsa-2198
http://www.securityfocus.com/bid/46986
http://www.ubuntu.com/usn/USN-1103-1
http://www.vupen.com/english/advisories/2011/0731 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0861 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66249
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2011-03-25T19:00:00

Updated: 2017-08-16T14:57:01

Reserved: 2011-03-10T00:00:00

Link: CVE-2011-1400

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-03-25T19:55:01.607

Modified: 2023-11-07T02:07:00.757

Link: CVE-2011-1400

JSON object: View

cve-icon Redhat Information

No data.

CWE