CVE-2014-3423
Summary
| CVE | CVE-2014-3423 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-05-08 10:55:00 UTC |
| Updated | 2016-06-30 16:23:00 UTC |
| Description | lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file. |
Risk And Classification
Problem Types: CWE-59
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gnu | Emacs | 20.0 | All | All | All |
| Application | Gnu | Emacs | 20.1 | All | All | All |
| Application | Gnu | Emacs | 20.2 | All | All | All |
| Application | Gnu | Emacs | 20.3 | All | All | All |
| Application | Gnu | Emacs | 20.4 | All | All | All |
| Application | Gnu | Emacs | 20.5 | All | All | All |
| Application | Gnu | Emacs | 20.6 | All | All | All |
| Application | Gnu | Emacs | 20.7 | All | All | All |
| Application | Gnu | Emacs | 21 | All | All | All |
| Application | Gnu | Emacs | 21.1 | All | All | All |
| Application | Gnu | Emacs | 21.2 | All | All | All |
| Application | Gnu | Emacs | 21.2.1 | All | All | All |
| Application | Gnu | Emacs | 21.3 | All | All | All |
| Application | Gnu | Emacs | 21.3.1 | All | All | All |
| Application | Gnu | Emacs | 21.4 | All | All | All |
| Application | Gnu | Emacs | 22.1 | All | All | All |
| Application | Gnu | Emacs | 22.2 | All | All | All |
| Application | Gnu | Emacs | 22.3 | All | All | All |
| Application | Gnu | Emacs | 23.1 | All | All | All |
| Application | Gnu | Emacs | 23.2 | All | All | All |
| Application | Gnu | Emacs | 23.3 | All | All | All |
| Application | Gnu | Emacs | 23.4 | All | All | All |
| Application | Gnu | Emacs | 24.1 | All | All | All |
| Application | Gnu | Emacs | 24.2 | All | All | All |
| Application | Gnu | Emacs | 20.0 | All | All | All |
| Application | Gnu | Emacs | 20.1 | All | All | All |
| Application | Gnu | Emacs | 20.2 | All | All | All |
| Application | Gnu | Emacs | 20.3 | All | All | All |
| Application | Gnu | Emacs | 20.4 | All | All | All |
| Application | Gnu | Emacs | 20.5 | All | All | All |
| Application | Gnu | Emacs | 20.6 | All | All | All |
| Application | Gnu | Emacs | 20.7 | All | All | All |
| Application | Gnu | Emacs | 21 | All | All | All |
| Application | Gnu | Emacs | 21.1 | All | All | All |
| Application | Gnu | Emacs | 21.2 | All | All | All |
| Application | Gnu | Emacs | 21.2.1 | All | All | All |
| Application | Gnu | Emacs | 21.3 | All | All | All |
| Application | Gnu | Emacs | 21.3.1 | All | All | All |
| Application | Gnu | Emacs | 21.4 | All | All | All |
| Application | Gnu | Emacs | 22.1 | All | All | All |
| Application | Gnu | Emacs | 22.2 | All | All | All |
| Application | Gnu | Emacs | 22.3 | All | All | All |
| Application | Gnu | Emacs | 23.1 | All | All | All |
| Application | Gnu | Emacs | 23.2 | All | All | All |
| Application | Gnu | Emacs | 23.3 | All | All | All |
| Application | Gnu | Emacs | 23.4 | All | All | All |
| Application | Gnu | Emacs | 24.1 | All | All | All |
| Application | Gnu | Emacs | 24.2 | All | All | All |
| Application | Gnu | Emacs | All | All | All | All |
| Operating System | Mageia Project | Mageia | 3 | All | All | All |
| Operating System | Mageia Project | Mageia | 4 | All | All | All |
| Operating System | Mageia Project | Mageia | 3 | All | All | All |
| Operating System | Mageia Project | Mageia | 4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Re: CVE Request - Predictable temporary filenames in GNU Emacs | MLIST | openwall.com | |
| #17428 - Bug#747100: emacs23: Insecure use of temporary files in included lisp libraries/packages - GNU bug report logs | MISC | debbugs.gnu.org | |
| Mageia Advisory: MGASA-2014-0250 - Updated emacs packages fix CVE-2014-3421-4 | CONFIRM | advisories.mageia.org | |
| [Emacs-diffs] emacs-24 r117068: browse-url.el comment | MLIST | lists.gnu.org | |
| Support / Security / Advisories / / MDVSA-2015:117 | Mandriva | MANDRIVA | www.mandriva.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.