Bug 976684 (CVE-2013-2208) - CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing untrusted TPP template
Summary: CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing un...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-2208
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 976686 976687
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-06-21 07:53 UTC by Jan Lieskovsky
Modified: 2019-09-29 13:05 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-11-08 12:25:02 UTC


Attachments (Terms of Use)
Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch (1.85 KB, patch)
2013-06-21 07:55 UTC, Jan Lieskovsky
no flags Details | Diff

Description Jan Lieskovsky 2013-06-21 07:53:27 UTC
A security flaw was found in the way tpp, a ncurses-based presentation tool, processed TPP templates containing --exec clause (input provided as an argument of the --exec clause would be immediately executed without requesting a second confirmation from the user). A remote attacker could provide a specially-crafted text presentation program (TPP) template that, when processed with the tpp binary would lead to arbitrary code execution with the privileges of the user running the tpp executable.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644

Relevant patch from Debian distribution (adds requirement
the user to explicitly confirm code execution is desired):
[2] http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch

Comment 1 Jan Lieskovsky 2013-06-21 07:55:07 UTC
Created attachment 763691 [details]
Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch

Comment 2 Jan Lieskovsky 2013-06-21 07:56:21 UTC
This issue affects the versions of the tpp package, as shipped with Fedora release of 17 and 18. Please schedule an update.

--

This issue affects the version of the tpp package, as shipped with Fedora EPEL 6. Please schedule an update.

Comment 3 Jan Lieskovsky 2013-06-21 07:57:11 UTC
Created tpp tracking bugs for this issue

Affects: fedora-all [bug 976686]
Affects: epel-6 [bug 976687]

Comment 4 Jan Lieskovsky 2013-06-21 08:05:13 UTC
GitHub patch link:
  https://github.com/xtaran/tpp/commit/350aafbd9a3256f6d479dacb9740bf3f0b9a3fc3

Comment 5 Jan Lieskovsky 2013-06-21 08:11:11 UTC
CVE Request:
  http://www.openwall.com/lists/oss-security/2013/06/21/2

Comment 6 Vincent Danen 2013-06-21 17:04:49 UTC
This issue was assigned the name CVE-2013-2208 as per http://seclists.org/oss-sec/2013/q2/609


Note You need to log in before you can comment on or make changes to this bug.