GNU Emacs Local Eavesdropping Vulnerabilities
BID:1125
Info
GNU Emacs Local Eavesdropping Vulnerabilities
| Bugtraq ID: | 1125 |
| Class: | Access Validation Error |
| CVE: |
CVE-2000-0269 CVE-2000-0270 CVE-2000-0271 |
| Remote: | No |
| Local: | Yes |
| Published: | Apr 18 2000 12:00AM |
| Updated: | Jul 11 2009 01:56AM |
| Credit: | This vulnerability was announced in a RUS-Cert advisory on April 18, 2000. |
| Vulnerable: |
GNU Emacs 20.6 GNU Emacs 20.5 GNU Emacs 20.4 GNU Emacs 20.3 GNU Emacs 20.2 GNU Emacs 20.1 GNU Emacs 20.0 |
| Not Vulnerable: | |
Discussion
GNU Emacs Local Eavesdropping Vulnerabilities
A vulnerability exists in Emacs 20, that allows any user on a multiuser system to eavesdrop on, or forge responses to, an Emacs client. The vulnerability stems from Emacs failure to properly set permissions for slave PTY devices. Operating systems where Emacs is affected include Linux,
FreeBSD, HP-UX 10.x and 11.00, and AIX 4. Solaris is not affected.
A vulnerability exists in Emacs 20, that allows any user on a multiuser system to eavesdrop on, or forge responses to, an Emacs client. The vulnerability stems from Emacs failure to properly set permissions for slave PTY devices. Operating systems where Emacs is affected include Linux,
FreeBSD, HP-UX 10.x and 11.00, and AIX 4. Solaris is not affected.
Exploit / POC
GNU Emacs Local Eavesdropping Vulnerabilities
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
References
GNU Emacs Local Eavesdropping Vulnerabilities
References:
References: