4.6

CVE-2008-1694

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuEmacs Version20.7
GnuEmacs Version21.1
GnuEmacs Version21.2
GnuEmacs Version21.3
GnuEmacs Version21.4
GnuSccs
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.312
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://secunia.com/advisories/30109
https://usn.ubuntu.com/607-1/
http://bugs.gentoo.org/show_bug.cgi?id=216880
http://secunia.com/advisories/29905
http://secunia.com/advisories/29926
http://www.mandriva.com/security/advisories?name=MDVSA-2008:096
http://www.securityfocus.com/bid/28857
http://www.securitytracker.com/id?1019909
http://www.vupen.com/english/advisories/2008/1309/references
http://www.vupen.com/english/advisories/2008/1310/references
https://bugzilla.redhat.com/show_bug.cgi?id=208483
https://exchange.xforce.ibmcloud.com/vulnerabilities/41906