Lucene search
Ubuntu.comUB:CVE-2012-3479HistoryAug 25, 2012 - 12:00 a.m.
CVE-2012-3479
2012-08-2500:00:00
ubuntu.com
ubuntu.com
15
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.8%
lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes
eval forms in local-variable sections when the enable-local-variables
option is set to :safe, which allows user-assisted remote attackers to
execute arbitrary Emacs Lisp code via a crafted file.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684694 (emacs24)>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=684695 (emacs23)>
- <http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155>
Notes
| Author | Note |
|---|---|
| jdstrand | per upstream, 23.1 and earlier not affected |
| mdeslaur | natty is too close to EoL to be worth difficult backport, ignoring |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 11.10 | noarch | emacs23 | < 23.3+1-1ubuntu4.1 | UNKNOWN |
| ubuntu | 12.04 | noarch | emacs23 | < 23.3+1-1ubuntu9.1 | UNKNOWN |
| ubuntu | 12.10 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
| ubuntu | 13.04 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
| ubuntu | 13.10 | noarch | emacs23 | < 23.4+1-4ubuntu1 | UNKNOWN |
| ubuntu | 12.10 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |
| ubuntu | 13.04 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |
| ubuntu | 13.10 | noarch | emacs24 | < 24.1+1-2ubuntu3 | UNKNOWN |
References
Related
debiancve
debiancve
CVE-2012-3479
2012-08-25 10:29:00
nessus
nessus
openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)
2014-06-13 00:00:00
Fedora 17 : emacs-24.1-4.fc17 (2012-11876)
2012-08-23 00:00:00
debian
debian
[SECURITY] [DSA 2603-1] emacs23 security update
2013-01-09 19:03:00
openvas
openvas
FreeBSD Ports: emacs
2012-09-07 00:00:00
Fedora Update for emacs FEDORA-2012-11876
2012-08-30 00:00:00
Fedora Update for emacs FEDORA-2012-11876
2012-08-30 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: emacs-24.1-4.fc17
2012-08-22 21:08:44
[SECURITY] Fedora 16 Update: emacs-23.3-10.fc16
2012-08-22 20:58:06
slackware
slackware
[slackware-security] emacs
2012-08-16 06:32:59
cve
cve
CVE-2012-3479
2012-08-25 10:29:00
securityvulns
securityvulns
emacs protection bypass
2012-08-20 00:00:00
[slackware-security] emacs (SSA:2012-228-02)
2012-08-20 00:00:00
freebsd
freebsd
emacs -- remote code execution vulnerability
2012-08-13 00:00:00
prion
prion
Code injection
2012-08-25 10:29:00
osv
osv
emacs23 - programming error
2013-01-09 00:00:00
cvelist
cvelist
CVE-2012-3479
2012-08-25 10:00:00
ubuntu
ubuntu
Emacs vulnerabilities
2012-09-27 00:00:00
gentoo
gentoo
GNU Emacs: Multiple vulnerabilities
2014-03-20 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.8%
Related for UB:CVE-2012-3479