oss-sec mailing list archives
Re: CVE Request -- tpp: Possibility of arbitrary code execution when processing untrusted TPP template
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 21 Jun 2013 09:54:34 -0600
On 06/21/2013 02:09 AM, Jan Lieskovsky wrote:

Hello Kurt, Steve, vendors,

A security flaw was found in the way tpp, an ncurses-based presentation tool, processed TPP templates containing the --exec clause (input provided as an argument of the --exec clause would be immediately executed without requesting a second confirmation from the user). A remote attacker could provide a specially-crafted text presentation program (TPP) template that, when processed with the tpp binary, would lead to arbitrary code execution with the privileges of the user running the tpp executable.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644
[2] http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch (Debian distribution patch)
[3] https://bugzilla.redhat.com/show_bug.cgi?id=976684

Upstream patch / GitHub link:
[4] https://github.com/xtaran/tpp/commit/350aafbd9a3256f6d479dacb9740bf3f0b9a3fc3

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

Please use CVE-2013-2208 for this issue.

--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
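
An added example (not part of the original messages and not tpp's own code): a Ruby pre-open check that lists the `--exec` directives described in the report above and produces a copy of the template in which they become plain slide text. The loose matching (leading whitespace, any letter case), the bracketed replacement line and the sample template are assumptions of this example.

```ruby
# Added example: audit a TPP template for --exec directives before opening it.
# Matching is deliberately looser than a parser needs to be (leading
# whitespace, any letter case) so that near-miss spellings are also reported.
EXEC_DIRECTIVE = /\A\s*--exec(?:\s+(.*))?\z/i

Finding = Struct.new(:line_no, :command)

# Return one Finding per --exec directive in the template text.
def find_exec_directives(template)
  findings = []
  template.each_line.with_index(1) do |raw, line_no|
    m = EXEC_DIRECTIVE.match(raw.chomp)
    findings << Finding.new(line_no, (m[1] || "").strip) if m
  end
  findings
end

# Return a copy of the template in which every --exec directive is turned
# into ordinary slide text, so the command is displayed instead of run.
def neutralize_exec(template)
  template.each_line.map do |raw|
    m = EXEC_DIRECTIVE.match(raw.chomp)
    m ? "[exec directive removed: #{(m[1] || '').strip}]\n" : raw
  end.join
end

# Constructed sample template (not taken from the advisory).
SAMPLE = <<~TPP
  --title Quarterly review
  --author Example Author
  --newpage
  Agenda
  --exec echo constructed-sample-command
  --newpage
  Thanks
TPP

if __FILE__ == $PROGRAM_NAME
  find_exec_directives(SAMPLE).each do |f|
    puts "line #{f.line_no}: --exec #{f.command}"
  end
  puts neutralize_exec(SAMPLE)
end
```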