Release date:
Updated on:
Affected Systems:
Trish tpp 1.3.1-2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60720
CVE (CAN) ID: CVE-2013-2208
Tpp is a presentation tool based on ncurses.
Tpp 1.3.1-2 has a security vulnerability in processing the TPP template containing the -- exec statement. Remote attackers can exploit this vulnerability to execute arbitrary code through a specially crafted TPP template.
<* Source: W. Martin Borgert
Link: http://seclists.org/oss-sec/2013/q2/609
Http://bugs.debian.org/cgi-bin/bugreport.cgi? Bug = 706644
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Trish
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.trish.de/downloads/tpp.vim