Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 6.3
CVE Id: CVE-2007-5795
Last Modified: 07 Mar 2011 10:01:19
Published: 02 Nov 2007 06:46:00
Confidentiality Impact: NONE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5795

Summary

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

Vulnerable Systems

Application

  • GNU Emacs 22.1


References

VUPEN - ADV-2008-0924

VUPEN - ADV-2007-3715

OSVDB - 42060

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

FEDORA - FEDORA-2007-3056

XF - emacs-hacklocalvariables-security-bypass(38263)

UBUNTU - USN-541-1

BID - 26327

MANDRIVA - MDVSA-2008:034

GENTOO - GLSA-200712-03

SECUNIA - 29420

SECUNIA - 27984

SECUNIA - 27728

SECUNIA - 27627

SECUNIA - 27508

APPLE - APPLE-SA-2008-03-18

CONFIRM - http://docs.info.apple.com/article.html?artnum=307562

CONFIRM - http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=197958

Related Patches

Apple 2008-03-18 Security Update 2008-002 v1.0 Client (Leopard)

Apple 2008-03-26 Security Update 2008-002 v1.1 Server (Leopard) (Rev 2)

Apple 2008-03-26 Security Update 2008-002 v1.1 Client (Leopard) (Rev 2)


Last Updated: 27 May 2016 10:46:16