Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-3423

Overview

Vulnerability Score 3.3 3.3
CVE Id CVE-2014-3423
Last Modified 09 Apr 2015 09:59:14
Published 08 May 2014 06:55:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2014-3423

Summary

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.

Vulnerable Systems

Application

  • Gnu Emacs 20.0

  • Gnu Emacs 20.1

  • Gnu Emacs 20.2

  • Gnu Emacs 20.3

  • Gnu Emacs 20.4

  • Gnu Emacs 20.5

  • Gnu Emacs 20.6

  • Gnu Emacs 20.7

  • Gnu Emacs 21

  • Gnu Emacs 21.1

  • Gnu Emacs 21.2

  • Gnu Emacs 21.2.1

  • Gnu Emacs 21.3

  • Gnu Emacs 21.3.1

  • Gnu Emacs 21.4

  • Gnu Emacs 22.1

  • Gnu Emacs 22.2

  • Gnu Emacs 22.3

  • Gnu Emacs 23.1

  • Gnu Emacs 23.2

  • Gnu Emacs 23.3

  • Gnu Emacs 23.4

  • Gnu Emacs 24.1

  • Gnu Emacs 24.2

  • Gnu Emacs 24.3


References

MLIST - [oss-security] 20140507 Re: CVE Request - Predictable temporary filenames in GNU Emacs

MLIST - [emacs-diffs] 20140506 emacs-24 r117068: browse-url.el comment

MISC - http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428#8

MANDRIVA - MDVSA-2015:117

CONFIRM - http://advisories.mageia.org/MGASA-2014-0250.html


Last Updated: 27 May 2016 11:05:16