===========================================================
Ubuntu Security Notice USN-844-1 October 08, 2009
mimetex vulnerabilities
CVE-2009-1382, CVE-2009-2459
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
#2009-010 mimeTeX and mathTeX buffer overflows and command injection
Description:
The mimeTeX and mathTeX CGIs are widely used helper executables that allow
mathematical equation rendering in the form of images. Both applications suffer
from several buffer overflows as well as command injection which result in
remote code execution.
Debian Security Advisory DSA-1917-1 security@debian.org
http://www.debian.org/security/ Giuseppe Iuculano
October 24, 2009 http://www.debian.org/security/faq
--------------------------------------------------------------------------
Package : mimetex
Vulnerability : several vulnerabilities
Problem type : remote (local)
Debian-specific: no
Debian bug : 537254
CVE Ids : CVE-2009-1382 CVE-2009-2459
complete LaTeX environment on a server system will be available.
III. DETECTION OF VULNERABILITY
Since Moodle 1.6 a complete LaTeX environment is preferred over the
shipped mimetex program for rendering TeX formulas to images that can
be included in HTML pages.
In any text input area, e.g., forum, type something like "$$ \jobname $$"
(without quotes). If the result looks like
- "$$ \jobname $$": TeX filter not activated
Christian J. Eibl discovered that the TeX filter of Moodle, a web-based
course management system, doesn't check user input for certain TeX commands
which allows an attacker to include and display the content of arbitrary system
files.
Note that this doesn't affect installations that only use the mimetex
environment.
For the oldstable distribution (etch), this problem has been fixed in
version 1.6.3-2+etch3.
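
The missing input check described above, as an added example that is not code
from Moodle, Debian or any of the advisories quoted here: a pre-render check
that rejects a formula before it is handed to a full LaTeX environment. The
function name and the denylist contents are assumptions chosen for
illustration.

```python
import re

# Assumed denylist, not taken from any advisory: TeX/LaTeX control words that
# read or write files, or that redefine syntax so a name check can be bypassed.
DENIED_COMMANDS = frozenset({
    "input", "include", "openin", "openout", "read", "write", "immediate",
    "verbatiminput", "lstinputlisting", "usepackage", "special",
    "catcode", "csname", "endcsname", "expandafter", "uppercase", "lowercase",
    "def", "edef", "gdef", "xdef", "let", "newcommand", "renewcommand",
})

# A TeX control word is a backslash followed by a run of letters.
CONTROL_WORD = re.compile(r"\\([A-Za-z]+)")


def check_formula(tex):
    """Return (ok, reasons) for user-supplied TeX before it reaches LaTeX."""
    reasons = []
    # ^^ notation can spell any character, including a backslash, so a
    # command name could be hidden from the control-word scan below.
    if "^^" in tex:
        reasons.append("^^ escape")
    for name in CONTROL_WORD.findall(tex):
        reason = "\\" + name
        if name in DENIED_COMMANDS and reason not in reasons:
            reasons.append(reason)
    return (not reasons, reasons)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (r"\frac{a}{b} + \sqrt{x}", r"\input{some/file}", "^^5cinput x"):
        print(sample, "->", check_formula(sample))
```

A name-based check like this is one layer only; it is normally paired with the
TeX engine's own file-access restrictions.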