TeX Live CVE-2016-10243 Remote Code Execution Vulnerability

TeX Live is prone to a remote code-execution vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code. Failed attempts will likely result in denial-of-service conditions.

Information

Bugtraq ID: 96593
Class: Design Error
CVE: CVE-2016-10243

Remote: Yes
Local: No
Published: Mar 05 2017 12:00AM
Updated: Aug 23 2017 10:11AM
Credit: scumjr.
Vulnerable: Ubuntu Ubuntu Linux 16.04 LTS
Ubuntu Ubuntu Linux 14.04 LTS
Tug TeX Live 0

Not Vulnerable:

Exploit

The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

References:

TeX Live Homepage (TeX)
Pwning coworkers thanks to LaTeX (Github)
Revision 42605 (Tug)

Source: www.securityfocus.com

Exploit Collector

Search Exploit