GNU Emacs 'python.el' Code Execution Vulnerability
BID:31052
Info
GNU Emacs 'python.el' Code Execution Vulnerability
| Bugtraq ID: | 31052 |
| Class: | Design Error |
| CVE: |
CVE-2008-3949 |
| Remote: | No |
| Local: | Yes |
| Published: | Sep 05 2008 12:00AM |
| Updated: | Feb 23 2009 11:17PM |
| Credit: | Romain Francoise |
| Vulnerable: |
S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 Pardus Linux 2008 0 Pardus Linux 2007 0 Mandriva Linux Mandrake 2008.1 x86_64 Mandriva Linux Mandrake 2008.1 Mandriva Linux Mandrake 2008.0 x86_64 Mandriva Linux Mandrake 2008.0 GNU Emacs 20.6 GNU Emacs 20.6 GNU Emacs 20.5 GNU Emacs 20.4 GNU Emacs 20.3 GNU Emacs 20.2 GNU Emacs 20.1 GNU Emacs 20.0 GNU Emacs 22.1 Gentoo Linux |
| Not Vulnerable: |
GNU Emacs 23.0.60_20080624-22- GNU Emacs 22.1-17-17 |
Discussion
GNU Emacs 'python.el' Code Execution Vulnerability
GNU Emacs is prone to a local code-execution vulnerability.
Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application.
Versions prior to the following are affected:
GNU Emacs 23.0.60_20080624-22-6
GNU Emacs 22.1-17-17
GNU Emacs is prone to a local code-execution vulnerability.
Successful exploits may allow attackers to execute arbitrary code within the context of the user running the affected application.
Versions prior to the following are affected:
GNU Emacs 23.0.60_20080624-22-6
GNU Emacs 22.1-17-17
Exploit / POC
GNU Emacs 'python.el' Code Execution Vulnerability
Local attackers can exploit the issue by creating a crafted Python script and then enticing a victim to run a certain Emacs command.
Local attackers can exploit the issue by creating a crafted Python script and then enticing a victim to run a certain Emacs command.
Solution / Fix
GNU Emacs 'python.el' Code Execution Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
Mandriva Linux Mandrake 2008.1
Mandriva Linux Mandrake 2008.0 x86_64
Mandriva Linux Mandrake 2008.0
Solution:
The vendor has released updates. Please see the references for more information.
Mandriva Linux Mandrake 2008.1 x86_64
-
Mandriva emacs-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-common-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-doc-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-el-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-gtk-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-leim-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-nox-22.1-7.3mdv2008.1.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.1
-
Mandriva emacs-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-common-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-doc-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-el-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-gtk-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-leim-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-nox-22.1-7.3mdv2008.1.i586.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0 x86_64
-
Mandriva emacs-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-common-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-doc-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-el-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-gtk-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-leim-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-nox-22.1-5.4mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva Linux Mandrake 2008.0
-
Mandriva emacs-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-common-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-doc-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-el-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-gtk-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-leim-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/ -
Mandriva emacs-nox-22.1-5.4mdv2008.0.i586.rpm
http://www.mandriva.com/en/download/
References
GNU Emacs 'python.el' Code Execution Vulnerability
References:
References: