Vulnerability Details : CVE-2011-1400
The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
Vulnerability category: Execute code
Products affected by CVE-2011-1400
- cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.02:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.03:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.04:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.40:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.43:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.00:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.01:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.33:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.41:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.38:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.19:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.35:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.32:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.27:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.24:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.05:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.06:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.42:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.37:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.8:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.31:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.28:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.23:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.30:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.25:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.22:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.1:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.07:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:2.08:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.44:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.36:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.39:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.9:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.34:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.29:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.26:*:*:*:*:*:*:*
- cpe:2.3:a:debian:tex-common:0.21:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Threat overview for CVE-2011-1400
- Top open port discovered on systems with this issue: 8200
- IPs affected by CVE-2011-1400: 2,339
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-1400
- EPSS score: 2.15% (probability of exploitation activity in the next 30 days)
- Percentile: ~83% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2011-1400
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
CWE ids for CVE-2011-1400
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1400
- http://www.debian.org/security/2011/dsa-2198
  Debian -- Security Information -- DSA-2198-1 tex-common
- http://www.vupen.com/english/advisories/2011/0731
  Vendor Advisory
- http://www.vupen.com/english/advisories/2011/0861
  Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66249
  tex-common shell_escape_commands code execution CVE-2011-1400 Vulnerability Report
- http://www.ubuntu.com/usn/USN-1103-1
  USN-1103-1: tex-common vulnerability | Ubuntu security notices
- http://svn.debian.org/wsvn/debian-tex/tex-common/trunk/?op=log
- http://svn.debian.org/wsvn/debian-tex/?op=comp&compare[]=%2Ftex-common%2Ftrunk@4781&compare[]=%2Ftex-common%2Ftrunk@4812
- http://www.securityfocus.com/bid/46986
  Debian tex-common 'shell_escape_commands' Directive Remote Code Execution Vulnerability