Remote Code Execution Vulnerability in TeX Common Package on Debian and Ubuntu
CVE-2011-1400

Currently unrated

Key Information:

Vendor: Debian
Status: Tex-common; Ubuntu Linux; Debian Linux
Vendor: CVE Published:; 25 March 2011

What is CVE-2011-1400?

The TeX Common package contains a misconfiguration in the shell_escape_commands directive that can allow remote attackers to execute arbitrary code. This vulnerability arises specifically from the default settings in conf/texmf.d/95NonPath.cnf, which lists certain programs that can be exploited via a specially crafted TeX document. Users running affected versions of the TeX Common package on Debian and Ubuntu systems should take immediate actions to secure their installations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66249

vdb-entryx_refsource_XF

http://secunia.com/advisories/43973

third-party-advisoryx_refsource_SECUNIA

http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2011
Vulnerability Reserved
Mar 10, 2011