ID CVE-2009-2459
Summary Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives.
References
Vulnerable Configurations
  • cpe:2.3:a:forkosh:mimetex:1.71
    cpe:2.3:a:forkosh:mimetex:1.71
CVSS
Base: 10.0 (as of 15-07-2009 - 08:59)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-10225.NASL
    description - Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 42375
    published 2009-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42375
    title Fedora 10 : mimetex-1.71-1.fc10 (2009-10225)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1917.NASL
    description Several vulnerabilities have been discovered in mimetex, a lightweight alternative to MathML. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2009-1382 Chris Evans and Damien Miller, discovered multiple stack-based buffer overflow. An attacker could execute arbitrary code via a TeX file with long picture, circle, input tags. - CVE-2009-2459 Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. A remote attacker can obtain sensitive information.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 44782
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44782
    title Debian DSA-1917-1 : mimetex - several vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-6546.NASL
    description - Thu Oct 1 2009 Jorge Torres - 1.71-1 - Update to 1.71 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47439
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47439
    title Fedora 12 : mimetex-1.71-1.fc12 (2010-6546)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-3910.NASL
    description Fixes for CVE-2009-1382 CVE-2009-2459 for EL-5, update to latest upstream for all releases. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 65663
    published 2013-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65663
    title Fedora 18 : mimetex-1.74-1.fc18 (2013-3910)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-3902.NASL
    description Fixes for CVE-2009-1382 CVE-2009-2459 for EL-5, update to latest upstream for all releases. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 65662
    published 2013-03-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=65662
    title Fedora 17 : mimetex-1.74-1.fc17 (2013-3902)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-844-1.NASL
    description Chris Evans discovered that mimeTeX incorrectly handled certain long tags. An attacker could exploit this with a crafted mimeTeX expression and cause a denial of service or possibly execute arbitrary code. (CVE-2009-1382) Chris Evans discovered that mimeTeX contained certain directives that may be unsuitable for handling untrusted user input. This update fixed the issue by disabling the \input and \counter tags. (CVE-2009-2459). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 42079
    published 2009-10-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42079
    title Ubuntu 8.04 LTS / 8.10 / 9.04 : mimetex vulnerabilities (USN-844-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-10170.NASL
    description - Fixes a buffer-overflow as detailed in #511049. - Updates to 1.7. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 42374
    published 2009-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42374
    title Fedora 11 : mimetex-1.71-1.fc11 (2009-10170)
refmap via4
fedora FEDORA-2010-6546
misc http://scary.beasts.org/security/CESA-2009-009.html
secunia 35752
vupen
  • ADV-2009-1875
  • ADV-2010-0877
Last major update 20-04-2010 - 01:39
Published 14-07-2009 - 16:30
Back to Top