Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1694

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-1694
Last Modified 07 Mar 2011 10:07:29
Published 22 Apr 2008 12:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-1694

Summary

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Vulnerable Systems

Application

  • Gnu Emacs 20.7

  • Gnu Emacs 21.1

  • Gnu Emacs 21.2

  • Gnu Emacs 21.3

  • Gnu Emacs 21.4

  • Gnu Sccs


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=208483

VUPEN - ADV-2008-1310

VUPEN - ADV-2008-1309

UBUNTU - USN-607-1

BID - 28857

MANDRIVA - MDVSA-2008:096

SECUNIA - 30109

SECUNIA - 29926

SECUNIA - 29905

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=216880

XF - xemacs-gnuemacs-vcdiff-symlink(41906)

SECTRACK - 1019909


Last Updated: 27 May 2016 10:47:38