CVE-2008-3949

2008-09-2218:52:13

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

OSVersionArchitecturePackageVersionFilename
Debian12allxemacs21< 21.4.24-11xemacs21_21.4.24-11_all.deb
Debian11allxemacs21< 21.4.24-9xemacs21_21.4.24-9_all.deb
Debian999allxemacs21< 21.4.24-12xemacs21_21.4.24-12_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xemacs21	< 21.4.24-11	xemacs21_21.4.24-11_all.deb
Debian	11	all	xemacs21	< 21.4.24-9	xemacs21_21.4.24-9_all.deb
Debian	999	all	xemacs21	< 21.4.24-12	xemacs21_21.4.24-12_all.deb