| Reporter | Title | Published | Views | Family All 61 |
|---|---|---|---|---|
| emacs -- movemail format string vulnerability | 31 Jan 200500:00 | – | freebsd | |
| CAN-2005-0100 | 23 Feb 202418:05 | – | cve | |
| CVE-2005-0100 | 8 Feb 200505:00 | – | cve | |
| CVE-2005-0100 | 8 Feb 200505:00 | – | cvelist | |
| [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution | 8 Feb 200509:10 | – | debian | |
| [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution | 8 Feb 200509:10 | – | debian | |
| [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution | 8 Feb 200515:04 | – | debian | |
| [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution | 8 Feb 200515:04 | – | debian | |
| [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution | 17 Feb 200511:33 | – | debian | |
| [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution | 17 Feb 200511:33 | – | debian |
| Source | Link |
|---|---|
| debian | www.debian.org/security/2005/dsa-685 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-685. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(17130);
script_version("1.19");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2005-0100");
script_xref(name:"DSA", value:"685");
script_name(english:"Debian DSA-685-1 : emacs21 - format string");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Max Vozeler discovered several format string vulnerabilities in the
movemail utility of Emacs, the well-known editor. Via connecting to a
malicious POP server an attacker can execute arbitrary code under the
privileges of group mail."
);
script_set_attribute(
attribute:"see_also",
value:"http://www.debian.org/security/2005/dsa-685"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the emacs packages.
For the stable distribution (woody) these problems have been fixed in
version 21.2-1woody3."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:emacs21");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
script_set_attribute(attribute:"patch_publication_date", value:"2005/02/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/17");
script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/07");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"3.0", prefix:"emacs21", reference:"21.2-1woody3")) flag++;
if (deb_check(release:"3.0", prefix:"emacs21-el", reference:"21.2-1woody3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation