Arbitrary Code Execution Vulnerability in tex-common Package

Arbitrary Code Execution Vulnerability in tex-common Package

CVE-2011-1400 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.

Learn more about our Cis Benchmark Audit For Debian Linux.