Lucene search

Ubuntu.comUB:CVE-2011-1400

HistoryMar 25, 2011 - 12:00 a.m.

CVE-2011-1400

2011-03-2500:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.6%

JSON

The default configuration of the shell_escape_commands directive in
conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in
Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other
operating systems lists certain programs, which might allow remote
attackers to execute arbitrary code via a crafted TeX document.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchtex-common< 2.06ubuntu0.1UNKNOWN
ubuntu10.10noarchtex-common< 2.08ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	tex-common	< 2.06ubuntu0.1	UNKNOWN
ubuntu	10.10	noarch	tex-common	< 2.08ubuntu0.1	UNKNOWN

References

www.debian.org/security/2011/dsa-2198

launchpad.net/bugs/cve/CVE-2011-1400

nvd.nist.gov/vuln/detail/CVE-2011-1400

security-tracker.debian.org/tracker/CVE-2011-1400

ubuntu.com/security/notices/USN-1103-1

www.cve.org/CVERecord?id=CVE-2011-1400

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.092 Low

EPSS

Percentile

94.6%

JSON

Related for UB:CVE-2011-1400