what you don't know can hurt you
Showing 1 - 5 of 5 RSS Feed

CVE-2012-0035

Status Candidate

Overview

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Related Files

Gentoo Linux Security Advisory 201812-05
Posted Dec 7, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201812-5 - A vulnerability in EDE could result in privilege escalation. Versions less than 1.07 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0035
MD5 | 5230c0480d1f9e56a62f956da5c48b5b
Gentoo Linux Security Advisory 201403-05
Posted Mar 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-5 - Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | a73d75fd9b4ce06bdceeb400052f77d2
Gentoo Linux Security Advisory 201401-31
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0035
MD5 | 540b2dfc0769718a384cbf2451a90e9b
Mandriva Linux Security Advisory 2013-076
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-076 - Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. Additionally a problem was fixed reading xz compressed files.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | bcf203652b86fff1f89bf4fc253be523
Ubuntu Security Notice USN-1586-1
Posted Sep 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1586-1 - Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a user were tricked into opening a specially crafted file with Emacs, a remote attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0035, CVE-2012-3479, CVE-2012-0035, CVE-2012-3479
MD5 | cfd0563ee546bb410160ffd2e0c6b016
Page 1 of 1
Back1Next

File Archive:

November 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    28 Files
  • 2
    Nov 2nd
    1 Files
  • 3
    Nov 3rd
    1 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    19 Files
  • 6
    Nov 6th
    65 Files
  • 7
    Nov 7th
    22 Files
  • 8
    Nov 8th
    18 Files
  • 9
    Nov 9th
    1 Files
  • 10
    Nov 10th
    1 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    65 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close