Vulnerability Details CVE-2011-1400
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.6%
CVSS Severity
CVSS v2 Score 6.8
References
- http://secunia.com/advisories/43816
- http://secunia.com/advisories/43973
- http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
- http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
- http://www.debian.org/security/2011/dsa-2198
- http://www.securityfocus.com/bid/46986
- http://www.ubuntu.com/usn/USN-1103-1
- http://www.vupen.com/english/advisories/2011/0731
- http://www.vupen.com/english/advisories/2011/0861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66249
- http://secunia.com/advisories/43816
- http://secunia.com/advisories/43973
- http://svn.debian.org/wsvn/debian-tex/?op=comp&compare%5B%5D=%2Ftex-common%2Ftrunk%404781&compare%5B%5D=%2Ftex-common%2Ftrunk%404812
- http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
- http://www.debian.org/security/2011/dsa-2198
- http://www.securityfocus.com/bid/46986
- http://www.ubuntu.com/usn/USN-1103-1
- http://www.vupen.com/english/advisories/2011/0731
- http://www.vupen.com/english/advisories/2011/0861
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66249
Products affected by CVE-2011-1400
-
cpe:2.3:a:debian:tex-common:0.1
-
cpe:2.3:a:debian:tex-common:0.10
-
cpe:2.3:a:debian:tex-common:0.11
-
cpe:2.3:a:debian:tex-common:0.12
-
cpe:2.3:a:debian:tex-common:0.13
-
cpe:2.3:a:debian:tex-common:0.14
-
cpe:2.3:a:debian:tex-common:0.15
-
cpe:2.3:a:debian:tex-common:0.16
-
cpe:2.3:a:debian:tex-common:0.17
-
cpe:2.3:a:debian:tex-common:0.18
-
cpe:2.3:a:debian:tex-common:0.19
-
cpe:2.3:a:debian:tex-common:0.2
-
cpe:2.3:a:debian:tex-common:0.20
-
cpe:2.3:a:debian:tex-common:0.21
-
cpe:2.3:a:debian:tex-common:0.22
-
cpe:2.3:a:debian:tex-common:0.23
-
cpe:2.3:a:debian:tex-common:0.24
-
cpe:2.3:a:debian:tex-common:0.25
-
cpe:2.3:a:debian:tex-common:0.26
-
cpe:2.3:a:debian:tex-common:0.27
-
cpe:2.3:a:debian:tex-common:0.28
-
cpe:2.3:a:debian:tex-common:0.29
-
cpe:2.3:a:debian:tex-common:0.3
-
cpe:2.3:a:debian:tex-common:0.30
-
cpe:2.3:a:debian:tex-common:0.31
-
cpe:2.3:a:debian:tex-common:0.32
-
cpe:2.3:a:debian:tex-common:0.33
-
cpe:2.3:a:debian:tex-common:0.34
-
cpe:2.3:a:debian:tex-common:0.35
-
cpe:2.3:a:debian:tex-common:0.36
-
cpe:2.3:a:debian:tex-common:0.37
-
cpe:2.3:a:debian:tex-common:0.38
-
cpe:2.3:a:debian:tex-common:0.39
-
cpe:2.3:a:debian:tex-common:0.4
-
cpe:2.3:a:debian:tex-common:0.40
-
cpe:2.3:a:debian:tex-common:0.41
-
cpe:2.3:a:debian:tex-common:0.42
-
cpe:2.3:a:debian:tex-common:0.43
-
cpe:2.3:a:debian:tex-common:0.44
-
cpe:2.3:a:debian:tex-common:0.5
-
cpe:2.3:a:debian:tex-common:0.6
-
cpe:2.3:a:debian:tex-common:0.7
-
cpe:2.3:a:debian:tex-common:0.8
-
cpe:2.3:a:debian:tex-common:0.9
-
cpe:2.3:a:debian:tex-common:1.0
-
cpe:2.3:a:debian:tex-common:1.1
-
cpe:2.3:a:debian:tex-common:1.10
-
cpe:2.3:a:debian:tex-common:1.11
-
cpe:2.3:a:debian:tex-common:1.11.1
-
cpe:2.3:a:debian:tex-common:1.11.2
-
cpe:2.3:a:debian:tex-common:1.11.3
-
cpe:2.3:a:debian:tex-common:1.12
-
cpe:2.3:a:debian:tex-common:1.13
-
cpe:2.3:a:debian:tex-common:1.14
-
cpe:2.3:a:debian:tex-common:1.15
-
cpe:2.3:a:debian:tex-common:1.16
-
cpe:2.3:a:debian:tex-common:1.17
-
cpe:2.3:a:debian:tex-common:1.18
-
cpe:2.3:a:debian:tex-common:1.19
-
cpe:2.3:a:debian:tex-common:1.2
-
cpe:2.3:a:debian:tex-common:1.20
-
cpe:2.3:a:debian:tex-common:1.3
-
cpe:2.3:a:debian:tex-common:1.4
-
cpe:2.3:a:debian:tex-common:1.5
-
cpe:2.3:a:debian:tex-common:1.6
-
cpe:2.3:a:debian:tex-common:1.7
-
cpe:2.3:a:debian:tex-common:1.8
-
cpe:2.3:a:debian:tex-common:1.9
-
cpe:2.3:a:debian:tex-common:2.00
-
cpe:2.3:a:debian:tex-common:2.01
-
cpe:2.3:a:debian:tex-common:2.02
-
cpe:2.3:a:debian:tex-common:2.03
-
cpe:2.3:a:debian:tex-common:2.04
-
cpe:2.3:a:debian:tex-common:2.05
-
cpe:2.3:a:debian:tex-common:2.06
-
cpe:2.3:a:debian:tex-common:2.07
-
cpe:2.3:a:debian:tex-common:2.08
-
cpe:2.3:o:canonical:ubuntu_linux:10.04
-
cpe:2.3:o:canonical:ubuntu_linux:10.10
-
cpe:2.3:o:debian:debian_linux:-
-
cpe:2.3:o:debian:debian_linux:0.9.1
-
cpe:2.3:o:debian:debian_linux:0.9.2
-
cpe:2.3:o:debian:debian_linux:0.9.3
-
cpe:2.3:o:debian:debian_linux:0.9.4
-
cpe:2.3:o:debian:debian_linux:0.93
-
cpe:2.3:o:debian:debian_linux:1.1
-
cpe:2.3:o:debian:debian_linux:1.2
-
cpe:2.3:o:debian:debian_linux:1.3
-
cpe:2.3:o:debian:debian_linux:1.3.1
-
cpe:2.3:o:debian:debian_linux:10
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:debian:debian_linux:12.0
-
cpe:2.3:o:debian:debian_linux:13.0
-
cpe:2.3:o:debian:debian_linux:2.0
-
cpe:2.3:o:debian:debian_linux:2.0.34
-
cpe:2.3:o:debian:debian_linux:2.0.5
-
cpe:2.3:o:debian:debian_linux:2.1
-
cpe:2.3:o:debian:debian_linux:2.1.8.8.p3-1.1
-
cpe:2.3:o:debian:debian_linux:2.2
-
cpe:2.3:o:debian:debian_linux:2.3
-
cpe:2.3:o:debian:debian_linux:2.5.2-1
-
cpe:2.3:o:debian:debian_linux:2.5.3-16
-
cpe:2.3:o:debian:debian_linux:2.5.3-3
-
cpe:2.3:o:debian:debian_linux:3.0
-
cpe:2.3:o:debian:debian_linux:3.0.18
-
cpe:2.3:o:debian:debian_linux:3.0.23
-
cpe:2.3:o:debian:debian_linux:3.1
-
cpe:2.3:o:debian:debian_linux:3.2.4
-
cpe:2.3:o:debian:debian_linux:4.0
-
cpe:2.3:o:debian:debian_linux:5.0
-
cpe:2.3:o:debian:debian_linux:5.0.9
-
cpe:2.3:o:debian:debian_linux:6.0
-
cpe:2.3:o:debian:debian_linux:6.0.14
-
cpe:2.3:o:debian:debian_linux:6.2
-
cpe:2.3:o:debian:debian_linux:7.0
-
cpe:2.3:o:debian:debian_linux:7.1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:debian:debian_linux:9.2