Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 5 Mar 2017 11:52:26 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: TeX Live: CVE-2016-10243: whitelists a insecure binary/utility to be
 run as external program

Hi

Via http://cveform.mitre.org/ CVE-2016-10243 was assigned for the
following issue in the TeX Live system:

> The TeX system allows for calling external programs from within the
> TeX source code (called \write18). This has been restricted to a
> small set of programs since a long time ago.
>
> Unfortunately it turned out that one program in the list, mpost
> (also shipped with TeX Live), allows in turn to specify other
> programs to be run, which allows arbitrary code execution when
> compiling a TeX document.

Upstream commit addressing the issue:

https://www.tug.org/svn/texlive?view=revision&revision=42605

Report on the issue:

https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.