Bug 976684 (CVE-2013-2208)

Summary: CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing untrusted TPP template
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: jesusr, jlieskov, kchamart, scorneli, security-response-team
Target Milestone: ---
Target Release: ---
Keywords: Security
Hardware: All
OS: Linux
Whiteboard: impact=moderate,public=20130621,reported=20130503,source=debian,cvss2=6.8/AV:N/AC:M/Au:N/C:P/I:P/A:P,fedora-all/tpp=affected,epel-6/tpp=affected
Doc Type: Bug Fix
Last Closed: 2017-11-08 12:25:02 UTC
Bug Depends On: 976686, 976687
Attachment: Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch (flags: none)

Description Jan Lieskovsky 2013-06-21 07:53:27 UTC
A security flaw was found in the way tpp, an ncurses-based presentation tool, processed TPP templates containing an --exec clause (input provided as an argument of the --exec clause would be immediately executed without requesting a second confirmation from the user). A remote attacker could provide a specially-crafted text presentation program (TPP) template that, when processed with the tpp binary, would lead to arbitrary code execution with the privileges of the user running the tpp executable.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644

Relevant patch from Debian distribution (adds a requirement that
the user explicitly confirm that code execution is desired):
[2] http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch
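The flaw described above, as an added illustration that is not tpp's own code or the Debian patch: a minimal TPP directive processor showing the pre-fix behaviour (every --exec argument runs immediately) beside the fixed behaviour (execution is skipped and reported unless the user explicitly opted in). The directive syntax (lines beginning with "--"), the sample template and the function names are assumptions for this example.

```ruby
require 'open3'

# Constructed sample template (not from the bug report): two slides, one --exec line.
SAMPLE_TPP = <<~TPP
  --title Quarterly review
  --newpage
  Some slide text
  --exec echo hello-from-template
  --newpage
TPP

# Parse a template into [directive, argument] pairs; plain text becomes ['text', line].
def parse_tpp(src)
  src.each_line.map do |line|
    line = line.chomp
    if line.start_with?('--')
      name, arg = line[2..-1].split(' ', 2)
      [name, arg]
    else
      ['text', line]
    end
  end
end

# Pre-fix behaviour: every --exec argument is handed to the shell as soon as it is seen,
# so opening an untrusted template is enough to run the attacker's command.
def render_unsafe(src)
  parse_tpp(src).map { |name, arg| Open3.capture2(arg).first.strip if name == 'exec' }.compact
end

# Fixed behaviour: --exec is inert unless allow_exec is true (the user's explicit
# confirmation); skipped commands are returned so the user can inspect them first.
def render_safe(src, allow_exec: false)
  parse_tpp(src).each_with_object({ executed: [], skipped: [] }) do |(name, arg), acc|
    next unless name == 'exec'
    if allow_exec
      acc[:executed] << Open3.capture2(arg).first.strip
    else
      acc[:skipped] << arg
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  p render_safe(SAMPLE_TPP)                    # nothing runs; command listed under :skipped
  p render_safe(SAMPLE_TPP, allow_exec: true)  # runs only after explicit opt-in
end
```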

Comment 1 Jan Lieskovsky 2013-06-21 07:55:07 UTC
Created attachment 763691 [details]
Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch

Comment 2 Jan Lieskovsky 2013-06-21 07:56:21 UTC
This issue affects the versions of the tpp package, as shipped with Fedora releases 17 and 18. Please schedule an update.

This issue affects the version of the tpp package, as shipped with Fedora EPEL 6. Please schedule an update.

Comment 3 Jan Lieskovsky 2013-06-21 07:57:11 UTC
Created tpp tracking bugs for this issue

Affects: fedora-all [bug 976686]
Affects: epel-6 [bug 976687]

Comment 4 Jan Lieskovsky 2013-06-21 08:05:13 UTC
GitHub patch link:

Comment 5 Jan Lieskovsky 2013-06-21 08:11:11 UTC
CVE Request:

Comment 6 Vincent Danen 2013-06-21 17:04:49 UTC
This issue was assigned the name CVE-2013-2208 as per http://seclists.org/oss-sec/2013/q2/609