GNU Emacs Local Variable Handling Code Execution Vulnerability
BID:26327
Info
GNU Emacs Local Variable Handling Code Execution Vulnerability
| Bugtraq ID: | 26327 |
| Class: | Design Error |
| CVE: |
CVE-2007-5795 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 02 2007 12:00AM |
| Updated: | Mar 19 2008 02:30AM |
| Credit: | Drake Wilson <[email protected]> discovered this issue. |
| Vulnerable: |
Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Redhat Fedora 7 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 Mandriva Linux Mandrake 2007.1 x86_64 Mandriva Linux Mandrake 2007.1 Mandriva Linux Mandrake 2007.0 x86_64 Mandriva Linux Mandrake 2007.0 MandrakeSoft Corporate Server 4.0 x86_64 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 4.0 GNU Emacs 22.1 Gentoo Linux Cosmicperl Directory Pro 10.0.3 Apple Mac OS X Server 10.5.2 Apple Mac OS X Server 10.5.1 Apple Mac OS X Server 10.4.11 Apple Mac OS X Server 10.4.10 Apple Mac OS X Server 10.4.9 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X Server 10.5 Apple Mac OS X 10.5.2 Apple Mac OS X 10.5.1 Apple Mac OS X 10.4.11 Apple Mac OS X 10.4.10 Apple Mac OS X 10.4.9 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 Apple Mac OS X 10.5 |
| Not Vulnerable: | |
Discussion
GNU Emacs Local Variable Handling Code Execution Vulnerability
Emacs is prone to a vulnerability that lets attackers execute arbitrary code.
Due to a design error, the application ignores certain security settings and modifies local variables.
By supplying a malicious file, an attacker can exploit this issue to carry out various attacks, including executing arbitrary code in the context of the application. This may facilitate remote unauthorized access.
This issue affects Emacs 22.1; other versions may be vulnerable as well.
Emacs is prone to a vulnerability that lets attackers execute arbitrary code.
Due to a design error, the application ignores certain security settings and modifies local variables.
By supplying a malicious file, an attacker can exploit this issue to carry out various attacks, including executing arbitrary code in the context of the application. This may facilitate remote unauthorized access.
This issue affects Emacs 22.1; other versions may be vulnerable as well.
Exploit / POC
GNU Emacs Local Variable Handling Code Execution Vulnerability
A proof of concept has been supplied:
A proof of concept has been supplied:
Solution / Fix
GNU Emacs Local Variable Handling Code Execution Vulnerability
Solution:
The vendor has supplied a fix in the CVS repository. Please see the references for more information.
GNU Emacs 22.1
Apple Mac OS X 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X 10.5.2
Solution:
The vendor has supplied a fix in the CVS repository. Please see the references for more information.
GNU Emacs 22.1
-
GNU revision 1.896.2.28
http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896. 2.28&r2=1.896.2.29&view=patch
Apple Mac OS X 10.4.11
-
Apple SecUpd2008-002PPC.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpd2008-002PPC.dmg -
Apple SecUpd2008-002Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpd2008-002Univ.dmg
Apple Mac OS X Server 10.4.11
-
Apple SecUpdSrvr2008-002PPC.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpdSrvr2008-002PPC.dmg -
Apple SecUpdSrvr2008-002Univ.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat= 57&platform=osx&method=sa/SecUpdSrvr2008-002Univ.dmg
Apple Mac OS X 10.5.2
References
GNU Emacs Local Variable Handling Code Execution Vulnerability
References:
References:
- Debian Bug report logs - #449008 (Drake Wilson
) - Emacs Product Page (GNU)