Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2142

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2142
Last Modified 07 Mar 2011 10:08:45
Published 12 May 2008 03:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2142

Summary

Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.

Vulnerable Systems

Application

  • Gnu Emacs 21.3.1

  • Gnu Xemacs


References

FEDORA - FEDORA-2008-5504

FEDORA - FEDORA-2008-5446

CONFIRM - https://issues.rpath.com/browse/RPL-2529

CONFIRM - https://bugs.gentoo.org/show_bug.cgi?id=221197

XF - xemacs-gnuemacs-flc-code-execution(42362)

VUPEN - ADV-2008-1540

VUPEN - ADV-2008-1539

SECTRACK - 1020019

BID - 29176

BUGTRAQ - 20080527 rPSA-2008-0177-1 emacs emacs-leim

MANDRIVA - MDVSA-2008:154

MANDRIVA - MDVSA-2008:153

CONFIRM - http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177

MISC - http://tracker.xemacs.org/XEmacs/its/issue378

MISC - http://thread.gmane.org/gmane.emacs.devel/96903

GENTOO - GLSA-200902-06

SECUNIA - 34004

SECUNIA - 30827

SECUNIA - 30581

SECUNIA - 30303

MLIST - [emacs-devel] 20080510 [mwelinder@bogus.example.com: Emacs security bug]

SECUNIA - 30216

SECUNIA - 30199

SUSE - SUSE-SR:2008:012

Related Patches

Novell SUSE 2008:5248 emacs security update for SLE 10 SP1 i586

Novell SUSE 2008:5297 emacs security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:47:46