9.3

CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Eric M LudlamCedet Version <= 1.0
Eric M LudlamCedet Version1.0 Updatebeta1
Eric M LudlamCedet Version1.0 Updatebeta2
Eric M LudlamCedet Version1.0 Updatebeta3
Eric M LudlamCedet Version1.0 Updatepre1
Eric M LudlamCedet Version1.0 Updatepre2
Eric M LudlamCedet Version1.0 Updatepre3
Eric M LudlamCedet Version1.0 Updatepre4
Eric M LudlamCedet Version1.0 Updatepre6
Eric M LudlamCedet Version1.0 Updatepre7
GnuEmacs Version <= 23.3
GnuEmacs Version20.0
GnuEmacs Version20.1
GnuEmacs Version20.2
GnuEmacs Version20.3
GnuEmacs Version20.4
GnuEmacs Version20.5
GnuEmacs Version20.6
GnuEmacs Version20.7
GnuEmacs Version21
GnuEmacs Version21.1
GnuEmacs Version21.2
GnuEmacs Version21.2.1
GnuEmacs Version21.3
GnuEmacs Version21.3.1
GnuEmacs Version21.4
GnuEmacs Version22.1
GnuEmacs Version22.2
GnuEmacs Version22.3
GnuEmacs Version23.1
GnuEmacs Version23.2
GnuEmacs Version23.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.72% 0.843
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
Patch
http://openwall.com/lists/oss-security/2012/01/10/2
Patch
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311
Vendor Advisory
http://secunia.com/advisories/47515
Vendor Advisory
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05