Lucene search
FreeBSD Ports: zh-emacs, emacs
🗓️ 04 Sep 2008 00:00:00Reported by Copyright (C) 2008 E-Soft Inc.Type 
openvas🔗 plugins.openvas.org👁 11 Views
FreeBSD Ports: zh-emacs, emacs. The packages are vulnerable to a format string vulnerability in movemail utility allowing remote code execution
Show more
| Reporter | Title | Published | Views | Family All 54 |
|---|---|---|---|---|
 | [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution | 17 Feb 200511:33 | – | debian |
| [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution | 8 Feb 200515:04 | – | debian |
| [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution | 8 Feb 200509:10 | – | debian |
| [SECURITY] [DSA 685-1] New emacs21 packages fix arbitrary code execution | 17 Feb 200511:33 | – | debian |
| [SECURITY] [DSA 671-1] New xemacs21 packages fix arbitrary code execution | 8 Feb 200515:04 | – | debian |
| [SECURITY] [DSA 670-1] New emacs20 packages fix arbitrary code execution | 8 Feb 200509:10 | – | debian |
| FreeBSD Ports: zh-emacs, emacs | 4 Sep 200800:00 | – | openvas |
| Debian Security Advisory DSA 685-1 (emacs21) | 17 Jan 200800:00 | – | openvas |
| SLES9: Security update for Emacs | 10 Oct 200900:00 | – | openvas |
| Debian: Security Advisory (DSA-671-1) | 17 Jan 200800:00 | – | openvas |
10
| Source | Link |
|---|---|
| vuxml | www.vuxml.org/freebsd/3e3c860d-7dae-11d9-a9e7-0001020eed82.html |
| securityfocus | www.securityfocus.com/bid/12462 |
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.52188");
script_version("2023-07-26T05:05:09+0000");
script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
script_cve_id("CVE-2005-0100");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/12462");
script_tag(name:"cvss_base", value:"7.5");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_name("FreeBSD Ports: zh-emacs, emacs");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("FreeBSD Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");
script_xref(name:"URL", value:"https://www.vuxml.org/freebsd/3e3c860d-7dae-11d9-a9e7-0001020eed82.html");
script_tag(name:"insight", value:"The following packages are affected:
zh-emacs
emacs
xemacs
xemacs-mule
zh-xemacs
zh-xemacs-mule
xemacs-devel
xemacs-devel-21.5
xemacs-devel-mule
mule-common
hanemacs
CVE-2005-0100
Format string vulnerability in the movemail utility in (1) Emacs 20.x,
21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier,
allows remote malicious POP3 servers to execute arbitrary code via
crafted packets.");
script_tag(name:"solution", value:"Update your system with the appropriate patches or
software upgrades.");
script_tag(name:"summary", value:"The remote host is missing an update to the system
as announced in the referenced advisory.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-bsd.inc");
vuln = FALSE;
txt = "";
bver = portver(pkg:"zh-emacs");
if(!isnull(bver) && revcomp(a:bver, b:"20.7_4")<0) {
txt += 'Package zh-emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"21")>0 && revcomp(a:bver, b:"21.3_4")<0) {
txt += 'Package zh-emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"emacs");
if(!isnull(bver) && revcomp(a:bver, b:"20.7_4")<0) {
txt += 'Package emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(!isnull(bver) && revcomp(a:bver, b:"21")>0 && revcomp(a:bver, b:"21.3_4")<0) {
txt += 'Package emacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"xemacs");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
txt += 'Package xemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"xemacs-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
txt += 'Package xemacs-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"zh-xemacs");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
txt += 'Package zh-xemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"zh-xemacs-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.4.17")<0) {
txt += 'Package zh-xemacs-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel");
if(!isnull(bver) && revcomp(a:bver, b:"21.5.b19,1")<0) {
txt += 'Package xemacs-devel version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel-21.5");
if(!isnull(bver) && revcomp(a:bver, b:"b11")==0) {
txt += 'Package xemacs-devel-21.5 version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"xemacs-devel-mule");
if(!isnull(bver) && revcomp(a:bver, b:"21.5.b19")<0) {
txt += 'Package xemacs-devel-mule version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"mule-common");
if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
txt += 'Package mule-common version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
bver = portver(pkg:"hanemacs");
if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
txt += 'Package hanemacs version ' + bver + ' is installed which is known to be vulnerable.\n';
vuln = TRUE;
}
if(vuln) {
security_message(data:txt);
} else if (__pkg_match) {
exit(99);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo04 Sep 2008 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS27.5
EPSS0.02845