Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3949

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-3949
Last Modified 01 Sep 2009 01:19:48
Published 22 Sep 2008 02:52:13
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-3949

Summary

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

Vulnerable Systems

Operating System

  • Suse Linux


References

CONFIRM - https://bugzilla.novell.com/show_bug.cgi?id=424340

XF - emacs-python-code-execution(45021)

BID - 31052

MANDRIVA - MDVSA-2008:216

GENTOO - GLSA-200902-06

SECUNIA - 34004

SECUNIA - 31982

SUSE - SUSE-SR:2008:018

MLIST - [emacs-devel] 20080905 Vulnerability in Emacs python integration


Last Updated: 27 May 2016 10:48:20