CVE-2010-0825
Summary
| CVE | CVE-2010-0825 |
|---|---|
| State | PUBLISHED |
| Assigner | canonical |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-05 15:30:01 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
MediumAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
PartialAV:L/AC:M/Au:N/C:P/I:P/A:P
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Security Advisory SA39155 - Ubuntu update for emacs22 and emacs23 - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Support / Security / Advisories / / MDVSA-2010:083 | Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Bug #531569 “Emacs movemail race condition” : Bugs : emacs22 package : Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | bugs.launchpad.net | |
| USN-919-1: Emacs vulnerability | Ubuntu | af854a3a-2127-422b-91ae-364da2661108 | www.ubuntu.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2010-04-06 | Joshua Bressers | Not vulnerable. This issues does not affect the versions of emacs or xemacs as shipped with Red Hat Enterprise Linux. The movemail utility in Red Hat Enterprise Linux does not have the setgid bit set, which is required for this flaw to be exploitable. |
There are currently no legacy QID mappings associated with this CVE.