6 matches found
Code injection
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp...
CVE-2014-4150
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp...
CVE-2014-4150
The CVE-2014-4150 vulnerability affects Scheme 48, specifically the scheme48-send-definition function in cmuscheme48.el. The issue allows a local attacker to write to arbitrary files by exploiting a symlink attack on /tmp/s48lose.tmp. The public-facing details clearly describe the root cause as a...
scheme48 security update
Package : scheme48 Version : 1.8+dfsg-1+deb6u1 CVE ID : CVE-2014-4150 Debian Bug : 748766 The function scheme48-send-definition in cmuscheme48.el blindly overwrites the file /tmp/s48lose.tmp prior to sending it to the inferior scheme process. This action will blindly overwrite files the user has...
scheme48 security update
Package : scheme48 Version : 1.8+dfsg-1+deb6u1 CVE ID : CVE-2014-4150 Debian Bug : 748766 The function scheme48-send-definition in cmuscheme48.el blindly overwrites the file /tmp/s48lose.tmp prior to sending it to the inferior scheme process. This action will blindly overwrite files the user has...
DLA-0006-1 scheme48 - security update
Bulletin has no description...