2.1 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:L/Au:N/C:N/I:P/A:N
0.0004 Low
EPSS
Percentile
5.7%
The semi package includes a MIME library for GNU Emacs and XEmacs used by
the wl mail package.
Tatsuya Kinoshita discovered a vulnerability in flim, an emacs library
for working with Internet messages included in the semi package. Temporary
files were being created without taking adequate precautions, and therefore
a local user could potentially overwrite files with the privileges of the
user running emacs. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0422 to this issue.
Users of semi are advised to upgrade to these packages, which contain
a backported patch fixing this issue.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | noarch | semi-xemacs | < 1.14.3-8.72.EL.1 | semi-xemacs-1.14.3-8.72.EL.1.noarch.rpm |
RedHat | any | noarch | semi | < 1.14.3-8.72.EL.1 | semi-1.14.3-8.72.EL.1.noarch.rpm |