Lucene search
RootSSV:3206HistoryApr 23, 2008 - 12:00 a.m.
GNU Emacs创建不安全临时文件漏洞
2008-04-2300:00:00
Root
www.seebug.org
15
EPSS
0
Percentile
5.1%
BUGTRAQ ID: 28857
CVE(CAN) ID: CVE-2008-1694
Emacs是一个可扩展的实时显示编辑器。
Emacs的vcdiff工具(lib-src/vcdiff)以不安全的方式使用临时文件,这允许本地攻击者通过符号链接攻击以运行vcdiff用户的权限写入任意文件。
GNU Emacs 20.7 - 22.1.50
GNU
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lib-src/vcdiff?view=log” target=“_blank”>http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lib-src/vcdiff?view=log</a>
Related
cve
cve
CVE-2008-1694
2008-04-22 04:41:00
ubuntucve
ubuntucve
CVE-2008-1694
2008-04-22 00:00:00
securityvulns
securityvulns
[ MDVSA-2008:096 ] - Updated emacs packages fix vulnerability in vcdiff
2008-05-08 00:00:00
emacs symbolic links vulnerability
2008-05-08 00:00:00
debiancve
debiancve
CVE-2008-1694
2008-04-22 04:41:00
cvelist
cvelist
CVE-2008-1694
2008-04-21 20:00:00
openvas
openvas
Mandriva Update for emacs MDVSA-2008:096 (emacs)
2009-04-09 00:00:00
Mandriva Update for emacs MDVSA-2008:096 (emacs)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-607-1)
2009-03-23 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : emacs (MDVSA-2008:096)
2009-04-23 00:00:00
RHEL 4 : emacs (Unpatched Vulnerability)
2024-06-03 00:00:00
prion
prion
Code injection
2008-04-22 04:41:00
nvd
nvd
CVE-2008-1694
2008-04-22 04:41:00
ubuntu
ubuntu
Emacs vulnerabilities
2008-05-06 00:00:00