This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 976684 - (CVE-2013-2208) CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing untrusted TPP template
CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing un...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20130621,repor...
: Security
Depends On: 976686 976687
Blocks:
  Show dependency treegraph
 
Reported: 2013-06-21 03:53 EDT by Jan Lieskovsky
Modified: 2014-02-17 15:44 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch (1.85 KB, patch)
2013-06-21 03:55 EDT, Jan Lieskovsky
no flags Details | Diff

  None (edit)
Description Jan Lieskovsky 2013-06-21 03:53:27 EDT
A security flaw was found in the way tpp, a ncurses-based presentation tool, processed TPP templates containing --exec clause (input provided as an argument of the --exec clause would be immediately executed without requesting a second confirmation from the user). A remote attacker could provide a specially-crafted text presentation program (TPP) template that, when processed with the tpp binary would lead to arbitrary code execution with the privileges of the user running the tpp executable.

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706644

Relevant patch from Debian distribution (adds requirement
the user to explicitly confirm code execution is desired):
[2] http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch
Comment 1 Jan Lieskovsky 2013-06-21 03:55:07 EDT
Created attachment 763691 [details]
Local copy of Debian patch from http://patch-tracker.debian.org/patch/series/view/tpp/1.3.1-3/15-optional-exec.patch
Comment 2 Jan Lieskovsky 2013-06-21 03:56:21 EDT
This issue affects the versions of the tpp package, as shipped with Fedora release of 17 and 18. Please schedule an update.

--

This issue affects the version of the tpp package, as shipped with Fedora EPEL 6. Please schedule an update.
Comment 3 Jan Lieskovsky 2013-06-21 03:57:11 EDT
Created tpp tracking bugs for this issue

Affects: fedora-all [bug 976686]
Affects: epel-6 [bug 976687]
Comment 4 Jan Lieskovsky 2013-06-21 04:05:13 EDT
GitHub patch link:
  https://github.com/xtaran/tpp/commit/350aafbd9a3256f6d479dacb9740bf3f0b9a3fc3
Comment 5 Jan Lieskovsky 2013-06-21 04:11:11 EDT
CVE Request:
  http://www.openwall.com/lists/oss-security/2013/06/21/2
Comment 6 Vincent Danen 2013-06-21 13:04:49 EDT
This issue was assigned the name CVE-2013-2208 as per http://seclists.org/oss-sec/2013/q2/609

Note You need to log in before you can comment on or make changes to this bug.