Twenty Year Anniversary
Showing 1 - 5 of 5 RSS Feed

CVE-2012-0035

Status Candidate

Overview

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

Related Files

Gentoo Linux Security Advisory 201812-05
Posted Dec 7, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201812-5 - A vulnerability in EDE could result in privilege escalation. Versions less than 1.07 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0035
MD5 | 5230c0480d1f9e56a62f956da5c48b5b
Gentoo Linux Security Advisory 201403-05
Posted Mar 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201403-5 - Two vulnerabilities have been found in GNU Emacs, possibly leading to user-assisted execution of arbitrary code. Versions less than 24.1-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | a73d75fd9b4ce06bdceeb400052f77d2
Gentoo Linux Security Advisory 201401-31
Posted Jan 27, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-31 - A vulnerability in CEDET could result in privilege escalation. Versions less than 1.0.1 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2012-0035
MD5 | 540b2dfc0769718a384cbf2451a90e9b
Mandriva Linux Security Advisory 2013-076
Posted Apr 9, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-076 - Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. Additionally a problem was fixed reading xz compressed files.

tags | advisory, remote, arbitrary, local
systems | linux, mandriva
advisories | CVE-2012-0035, CVE-2012-3479
MD5 | bcf203652b86fff1f89bf4fc253be523
Ubuntu Security Notice USN-1586-1
Posted Sep 27, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1586-1 - Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a user were tricked into opening a specially crafted file with Emacs, a remote attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. Various other issues were also addressed.

tags | advisory, remote, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2012-0035, CVE-2012-3479, CVE-2012-0035, CVE-2012-3479
MD5 | cfd0563ee546bb410160ffd2e0c6b016
Page 1 of 1
Back1Next

File Archive:

December 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    1 Files
  • 3
    Dec 3rd
    18 Files
  • 4
    Dec 4th
    40 Files
  • 5
    Dec 5th
    16 Files
  • 6
    Dec 6th
    50 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    1 Files
  • 9
    Dec 9th
    1 Files
  • 10
    Dec 10th
    15 Files
  • 11
    Dec 11th
    30 Files
  • 12
    Dec 12th
    25 Files
  • 13
    Dec 13th
    13 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close