Emacs vulnerability

ID USN-76-1
Type ubuntu
Reporter Ubuntu
Modified 2005-02-07T00:00:00


Max Vozeler discovered a format string vulnerability in the "movemail"
utility of Emacs. By sending specially crafted packets, a malicious
POP3 server could cause a buffer overflow, which could have been
exploited to execute arbitrary code with the privileges of the user
and the "mail" group (since "movemail" is installed as "setgid mail").