Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

RHEL 2.1 / 3 : xemacs (RHSA-2005:134)

🗓️ 10 Feb 2005 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 25 Views

Updated XEmacs packages fix vulnerabilities allowing arbitrary code execution via movemail utility.

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD		emacs -- movemail format string vulnerability
31 Jan 200500:00
freebsd
CVE		CAN-2005-0100
23 Feb 202418:05
cve
CVE		CVE-2005-0100
8 Feb 200505:00
cve
Cvelist		CVE-2005-0100
8 Feb 200505:00
cvelist
Debian		[SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution
8 Feb 200509:10
debian
Debian		[SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution
8 Feb 200509:10
debian
Debian		[SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
8 Feb 200515:04
debian
Debian		[SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution
8 Feb 200515:04
debian
Debian		[SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution
17 Feb 200511:33
debian
Debian		[SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution
17 Feb 200511:33
debian
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2005:134. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(16369);
  script_version("1.24");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2005-0100");
  script_xref(name:"RHSA", value:"2005:134");

  script_name(english:"RHEL 2.1 / 3 : xemacs (RHSA-2005:134)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Updated XEmacs packages that fix a string format issue are now
available.

XEmacs is a powerful, customizable, self-documenting, modeless text
editor.

Max Vozeler discovered several format string vulnerabilities in the
movemail utility of XEmacs. If a user connects to a malicious POP
server, an attacker can execute arbitrary code as the user running
xemacs. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2005-0100 to this issue.

Users of XEmacs are advised to upgrade to these updated packages,
which contain backported patches to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2005-0100"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:134"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected xemacs, xemacs-el and / or xemacs-info packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xemacs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xemacs-el");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:xemacs-info");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");

  script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/02/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^(2\.1|3)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1 / 3.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2005:134";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xemacs-21.4.6-6.9.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xemacs-el-21.4.6-6.9.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"xemacs-info-21.4.6-6.9.1")) flag++;

  if (rpm_check(release:"RHEL3", reference:"xemacs-21.4.13-8.ent.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"xemacs-el-21.4.13-8.ent.1")) flag++;
  if (rpm_check(release:"RHEL3", reference:"xemacs-info-21.4.13-8.ent.1")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "xemacs / xemacs-el / xemacs-info");
  }
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
14 Jan 2021 00:00Current
6Medium risk
Vulners AI Score6
CVSS 27.5
EPSS0.02845
xemacs updatestring format vulnerabilitiesarbitrary code executionmovemail utilitysecurity advisory
25