Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-0035

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-0035
Last Modified 12 Dec 2013 11:54:52
Published 19 Jan 2012 10:55:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-0035

Summary

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Vulnerable Systems

Application

  • Eric M Ludlam Cedet 1.0

  • Gnu Emacs 20.0

  • Gnu Emacs 20.1

  • Gnu Emacs 20.2

  • Gnu Emacs 20.3

  • Gnu Emacs 20.4

  • Gnu Emacs 20.5

  • Gnu Emacs 20.6

  • Gnu Emacs 20.7

  • Gnu Emacs 21

  • Gnu Emacs 21.1

  • Gnu Emacs 21.2

  • Gnu Emacs 21.2.1

  • Gnu Emacs 21.3

  • Gnu Emacs 21.3.1

  • Gnu Emacs 21.4

  • Gnu Emacs 22.1

  • Gnu Emacs 22.2

  • Gnu Emacs 22.3

  • Gnu Emacs 23.1

  • Gnu Emacs 23.2

  • Gnu Emacs 23.3

  • Gnu Emacs 23.4


References

MLIST - [cedet-devel] 20120111 CEDET 1.0.1 available online

MLIST - [cedet-devel] 20120109 Security flaw in EDE

SECUNIA - 47515

SECUNIA - 47311

MLIST - [oss-security] 20110109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

MLIST - [oss-security] 20120109 CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

MLIST - [emacs-devel] 20120109 Security flaw in EDE; new release plans

FEDORA - FEDORA-2012-0494

FEDORA - FEDORA-2012-0462

UBUNTU - USN-1586-1

SECUNIA - 50801

MLIST - [oss-security] 20120109 Re: Re: CVE Request: CEDET/Emacs global-ede-mode file loading vulnerability

MANDRIVA - MDVSA-2013:076


Last Updated: 27 May 2016 10:58:17