漏洞信息详情

Emacs局部变量任意命令执行漏洞

  • CNNVD编号:CNNVD-200312-329
  • 危害等级: 中危
  • CVE编号: CVE-2003-1232
  • 漏洞类型: 输入验证
  • 发布时间: 2003-12-31
  • 威胁类型: 远程
  • 更新时间: 2010-04-02
  • 厂        商: gnu
  • 漏洞来源: Georgi Guninski di...

漏洞简介

Emacs 21.2.1版本在执行文本文件的局部变量段中的Lisp代码之前不提示或警告用户,用户辅助的攻击者可以执行任意命令,正如使用mode-name变量。

漏洞公告

The vendor has released version 21.3 of emacs to address this issue. Mandriva has released advisory MDKSA-2005:208, along with fixes to address this issue. Please see the referenced advisory for further information. GNU Emacs 21.2

参考网址

来源: lists.grok.org.uk 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html 来源: SECUNIA 名称: 17496 链接:http://secunia.com/advisories/17496 来源: groups.google.com 链接:http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f 来源: groups.google.com 链接:http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f 来源: bugs.debian.org 链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183 来源: BID 名称: 15375 链接:http://www.securityfocus.com/bid/15375 来源: MANDRIVA 名称: MDKSA-2005:208 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:208

受影响实体

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多