CVE-2016-10243 - OpenCVE

TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Tug	Tex Live
Debian	Debian Linux
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:fedoraproject:fedora:25:::::::*
	cpe:2.3:o:fedoraproject:fedora:26:::::::*

Configuration 3 [-]

cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3803	Third Party Advisory
http://www.openwall.com/lists/oss-security/2017/03/05/1	Mailing List Third Party Advisory
http://www.securityfocus.com/bid/96593	Third Party Advisory VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/
https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/	Exploit Technical Description Third Party Advisory
https://security.gentoo.org/glsa/201709-07
https://www.tug.org/svn/texlive?view=revision&revision=42605	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-05-02T14:00:00

Updated: 2017-09-18T09:57:01

Reserved: 2017-03-05T00:00:00

Link: CVE-2016-10243

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-02T14:59:00.283

Modified: 2023-11-07T02:29:33.290

Link: CVE-2016-10243

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-11-28T00:00:00", "descriptions": [{"lang": "en", "value": "TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-18T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"}, {"name": "FEDORA-2017-a8add6c46c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tug.org/svn/texlive?view=revision&revision=42605"}, {"name": "GLSA-201709-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201709-07"}, {"name": "DSA-3803", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3803"}, {"name": "[oss-security] 20170305 TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"}, {"name": "96593", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/96593"}, {"name": "FEDORA-2017-b72cafa5b4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-10243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/", "refsource": "MISC", "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"}, {"name": "FEDORA-2017-a8add6c46c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"}, {"name": "https://www.tug.org/svn/texlive?view=revision&revision=42605", "refsource": "CONFIRM", "url": "https://www.tug.org/svn/texlive?view=revision&revision=42605"}, {"name": "GLSA-201709-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201709-07"}, {"name": "DSA-3803", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3803"}, {"name": "[oss-security] 20170305 TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be run as external program", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"}, {"name": "96593", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96593"}, {"name": "FEDORA-2017-b72cafa5b4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-10243", "datePublished": "2017-05-02T14:00:00", "dateReserved": "2017-03-05T00:00:00", "dateUpdated": "2017-09-18T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tug:tex_live:-:*:*:*:*:*:*:*", "matchCriteriaId": "73A807CA-D232-4B2E-AA89-8A95D3D3066E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file."}, {"lang": "es", "value": "TeX Live permite a atacantes remotos ejecutar comandos arbitrarios aprovechando la inclusi\u00f3n de mpost en shell_escape_commands en el archivo de configuraci\u00f3n texmf.cnf."}], "id": "CVE-2016-10243", "lastModified": "2023-11-07T02:29:33.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-02T14:59:00.283", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3803"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/03/05/1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/96593"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201709-07"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.tug.org/svn/texlive?view=revision&revision=42605"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}