← Voltar para CVEs
CVE-2016-10243
N/ADescricao
TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shell_escape_commands in the texmf.cnf config file.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado5/2/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
debian:debian_linuxfedoraproject:fedoratug:tex_live
Fraquezas (CWE)
CWE-20
Referencias
http://www.debian.org/security/2017/dsa-3803(cve@mitre.org)
http://www.openwall.com/lists/oss-security/2017/03/05/1(cve@mitre.org)
http://www.securityfocus.com/bid/96593(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(cve@mitre.org)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(cve@mitre.org)
https://security.gentoo.org/glsa/201709-07(cve@mitre.org)
https://www.tug.org/svn/texlive?view=revision&revision=42605(cve@mitre.org)
http://www.debian.org/security/2017/dsa-3803(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2017/03/05/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/96593(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7CNJ4HKX7X6V7VMN3UCU7KPY6IX4XRB/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VL6PUKPWEXYIPIAZRIX5ZLQWCSALVLFP/(af854a3a-2127-422b-91ae-364da2661108)
https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201709-07(af854a3a-2127-422b-91ae-364da2661108)
https://www.tug.org/svn/texlive?view=revision&revision=42605(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.