CVE-2011-1400

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-1400
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/43816 Vendor Advisory
http://secunia.com/advisories/43973 Vendor Advisory
http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
http://www.debian.org/security/2011/dsa-2198
http://www.securityfocus.com/bid/46986
http://www.ubuntu.com/usn/USN-1103-1
http://www.vupen.com/english/advisories/2011/0731 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0861 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/66249
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:debian:tex-common:0.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.21:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.22:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.23:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.24:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.25:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.26:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.27:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.28:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.29:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.30:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.31:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.32:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.33:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.34:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.35:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.36:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.37:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.38:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.39:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.40:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.41:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.42:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.43:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:0.44:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.0:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.4:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.5:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.6:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.7:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.8:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.9:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.10:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.2:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.11.3:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.12:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.13:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.14:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.15:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.16:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.17:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.18:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.19:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:1.20:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.00:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.01:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.02:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.03:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.04:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.05:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.06:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.07:*:*:*:*:*:*:*
cpe:2.3:a:debian:tex-common:2.08:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
History

07 Nov 2023, 02:07

Type Values Removed Values Added
References
  • {'url': 'http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812', 'name': 'http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812', 'tags': [], 'refsource': 'CONFIRM'}
  • () http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812 -
Information

Published : 2011-03-25 19:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-1400

Mitre link : CVE-2011-1400

CVE.ORG link : CVE-2011-1400

JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • debian_linux
  • tex-common
CWE
CWE-16

Configuration