LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also affects TeX Live before 2023 r66984 and MiKTeX before 23.5.

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-3946 advisory.

    - -------------------------------------------------------------------------     Debian LTS Advisory DLA-3946-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                   Bastien Roucaris     November 05, 2024                             https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : context     Version        : 2020.03.10.20200331-1+deb11u1

    Context a general-purpose document processor was affected by     CVE-2023-32700 fix that by default disable luasocket.

    This bugfix release, fix the mtxrun program used at install time     of context (postinst) that was broken by CVE-2023-32700 patch.

    For Debian 11 bullseye, this problem has been fixed in version     2020.03.10.20200331-1+deb11u1.

    We recommend that you upgrade your context packages.

    For the detailed security status of context please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/context

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the texlive-20200406-26.el9 build changelog.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2023:3661 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2023:2284-2 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Rocky Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3661 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-3661 advisory.

    [9:20200406-26]
    - Resolves: #2209872, CVE-2023-32700

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:3661 advisory.

    The texlive packages contain TeXLive, an implementation of TeX for Linux or UNIX systems.

    Security Fix(es):

    * texlive: arbitrary code execution allows document complied with older version (CVE-2023-32700)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d261122726 advisory.

    Fix CVE-2023-32700

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-38094d905c advisory.

    Fixes CVE-2023-32700. Also fixes issues with mptopdf.pl, thumb2pdf.pl, and mtxrun.

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6115-1 advisory.

    Max Chernoff discovered that LuaTeX (TeX Live) did not properly disable shell escape. An attacker could     possibly use this issue to execute arbitrary shell commands.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2287-1 advisory.

  - cups-filters contains backends, filters, and other software required to get the cups printing service     working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an     accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains     the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`.
    `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network     access to the hosted print server can exploit this vulnerability to inject system commands which are     executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is     expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict     access to network printers in the meantime. (CVE-2023-24805)

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:2285-1 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of texlive installed on the remote host is prior to 2023.230322. It is, therefore, affected by a vulnerability as referenced in the SSA:2023-144-01 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3427 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5406 advisory.

  - LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from     an untrusted source. This occurs because luatex-core.lua lets the original io.popen be accessed. This also     affects TeX Live before 2023 r66984 and MiKTeX before 23.5. (CVE-2023-32700)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
210378	Debian dla-3946 : context - security update	Nessus	Debian Local Security Checks	high
191402	CentOS 9 : texlive-20200406-26.el9	Nessus	CentOS Local Security Checks	high
190204	CentOS 8 : texlive (CESA-2023:3661)	Nessus	CentOS Local Security Checks	high
178696	openSUSE 15 Security Update : texlive (SUSE-SU-2023:2284-2)	Nessus	SuSE Local Security Checks	high
177603	Rocky Linux 8 / 9 : texlive (RLSA-2023:3661)	Nessus	Rocky Linux Local Security Checks	high
177521	Oracle Linux 8 / 9 : texlive (ELSA-2023-3661)	Nessus	Oracle Linux Local Security Checks	high
177428	RHEL 8 / 9 : texlive (RHSA-2023:3661)	Nessus	Red Hat Local Security Checks	high
176659	Fedora 37 : texlive-base (2023-d261122726)	Nessus	Fedora Local Security Checks	high
176499	Fedora 38 : texlive-base (2023-38094d905c)	Nessus	Fedora Local Security Checks	high
176478	Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : TeX Live vulnerability (USN-6115-1)	Nessus	Ubuntu Local Security Checks	high
176355	SUSE SLES15 / openSUSE 15 Security Update : cups-filters, poppler, texlive (SUSE-SU-2023:2287-1)	Nessus	SuSE Local Security Checks	high
176354	SUSE SLES15 / openSUSE 15 Security Update : texlive (SUSE-SU-2023:2285-1)	Nessus	SuSE Local Security Checks	high
176353	Slackware Linux 15.0 / current texlive Vulnerability (SSA:2023-144-01)	Nessus	Slackware Local Security Checks	high
176221	Debian DLA-3427-1 : texlive-bin - LTS security update	Nessus	Debian Local Security Checks	high
176150	Debian DSA-5406-1 : texlive-bin - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2023-32700

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high