CVE-2012-0035
Summary
| CVE | CVE-2012-0035 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-01-19 15:55:00 UTC |
| Updated | 2018-12-07 11:29:00 UTC |
| Description | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Eric M Ludlam | Cedet | 1.0 | beta1 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | beta2 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | beta3 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre1 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre2 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre3 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre4 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre6 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre7 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | beta1 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | beta2 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | beta3 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre1 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre2 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre3 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre4 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre6 | All | All |
| Application | Eric M Ludlam | Cedet | 1.0 | pre7 | All | All |
| Application | Eric M Ludlam | Cedet | All | All | All | All |
| Application | Gnu | Emacs | 20.0 | All | All | All |
| Application | Gnu | Emacs | 20.1 | All | All | All |
| Application | Gnu | Emacs | 20.2 | All | All | All |
| Application | Gnu | Emacs | 20.3 | All | All | All |
| Application | Gnu | Emacs | 20.4 | All | All | All |
| Application | Gnu | Emacs | 20.5 | All | All | All |
| Application | Gnu | Emacs | 20.6 | All | All | All |
| Application | Gnu | Emacs | 20.7 | All | All | All |
| Application | Gnu | Emacs | 21 | All | All | All |
| Application | Gnu | Emacs | 21.1 | All | All | All |
| Application | Gnu | Emacs | 21.2 | All | All | All |
| Application | Gnu | Emacs | 21.2.1 | All | All | All |
| Application | Gnu | Emacs | 21.3 | All | All | All |
| Application | Gnu | Emacs | 21.3.1 | All | All | All |
| Application | Gnu | Emacs | 21.4 | All | All | All |
| Application | Gnu | Emacs | 22.1 | All | All | All |
| Application | Gnu | Emacs | 22.2 | All | All | All |
| Application | Gnu | Emacs | 22.3 | All | All | All |
| Application | Gnu | Emacs | 23.1 | All | All | All |
| Application | Gnu | Emacs | 23.2 | All | All | All |
| Application | Gnu | Emacs | 23.4 | All | All | All |
| Application | Gnu | Emacs | 20.0 | All | All | All |
| Application | Gnu | Emacs | 20.1 | All | All | All |
| Application | Gnu | Emacs | 20.2 | All | All | All |
| Application | Gnu | Emacs | 20.3 | All | All | All |
| Application | Gnu | Emacs | 20.4 | All | All | All |
| Application | Gnu | Emacs | 20.5 | All | All | All |
| Application | Gnu | Emacs | 20.6 | All | All | All |
| Application | Gnu | Emacs | 20.7 | All | All | All |
| Application | Gnu | Emacs | 21 | All | All | All |
| Application | Gnu | Emacs | 21.1 | All | All | All |
| Application | Gnu | Emacs | 21.2 | All | All | All |
| Application | Gnu | Emacs | 21.2.1 | All | All | All |
| Application | Gnu | Emacs | 21.3 | All | All | All |
| Application | Gnu | Emacs | 21.3.1 | All | All | All |
| Application | Gnu | Emacs | 21.4 | All | All | All |
| Application | Gnu | Emacs | 22.1 | All | All | All |
| Application | Gnu | Emacs | 22.2 | All | All | All |
| Application | Gnu | Emacs | 22.3 | All | All | All |
| Application | Gnu | Emacs | 23.1 | All | All | All |
| Application | Gnu | Emacs | 23.2 | All | All | All |
| Application | Gnu | Emacs | 23.4 | All | All | All |
| Application | Gnu | Emacs | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability | MLIST | openwall.com | Patch |
| Support / Security / Advisories / / MDVSA-2013:076 | Mandriva | MANDRIVA | www.mandriva.com | |
| EDE: Privilege escalation (GLSA 201812-05) — Gentoo security | GENTOO | security.gentoo.org | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| [SECURITY] Fedora 15 Update: emacs-23.3-8.fc15 | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 16 Update: emacs-23.3-9.fc16 | FEDORA | lists.fedoraproject.org | |
| CEDET / [CEDET-devel] Security flaw in EDE | MLIST | sourceforge.net | |
| Security Advisory SA50801 - Ubuntu update for emacs23 - Secunia | SECUNIA | secunia.com | |
| About Secunia Research | Flexera | SECUNIA | secunia.com | Vendor Advisory |
| oss-security - Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability | MLIST | openwall.com | |
| CEDET / [CEDET-devel] CEDET 1.0.1 available online | MLIST | sourceforge.net | |
| USN-1586-1: Emacs vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Security flaw in EDE; new release plans | MLIST | lists.gnu.org | Patch |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 710288 Gentoo Linux EDE Privilege escalation Vulnerability (GLSA 201812-05)