Full Disclosure mailing list archives
[PLSA 2008-41] Emacs: Malicious code execution
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Sat, 06 Sep 2008 04:13:06 +0300
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-41         security () pardus org tr
------------------------------------------------------------------------
      Date: 2008-09-06
  Severity: 2
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Romain Francoise has found a security risk in a feature of GNU Emacs
related to how Emacs interacts with Python.

Description
===========

The vulnerability may allow an attacker to run malicious code if the
user runs the Emacs command `run-python' while the current directory is
world-writable, or if the user toggles `eldoc-mode' and visits a Python
source file in a world-writable directory.

Affected packages:

  Pardus 2008:
    emacs, all before 23.0.60_20080624-22-6

  Pardus 2007:
    emacs, all before 22.1-17-17

Resolution
==========

There are update(s) for emacs. You can update them via Package Manager
or with a single command from console:

  Pardus 2008:
    pisi up emacs

  Pardus 2007:
    pisi up emacs

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8128
  * http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html
  * http://www.opensubscriber.com/message/emacs-diffs () gnu org/9983157.html

------------------------------------------------------------------------

--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
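The advisory's trigger condition is a world-writable directory, either as the current directory for `run-python' or as the location of a visited Python file. The following is an added example, not part of the advisory or of Emacs: a small audit that lists such directories under a tree. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def is_world_writable(path):
    """True if `path` is a directory that any local user can write to."""
    st = os.stat(path)
    return stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_IWOTH)


def risky_python_dirs(root):
    """Yield (directory, [python files]) for world-writable dirs under root.

    These are the locations the advisory names: running run-python there,
    or visiting one of the listed files with eldoc-mode on, is unsafe on
    an unpatched Emacs. The file list may be empty (run-python case).
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        if is_world_writable(dirpath):
            yield dirpath, sorted(f for f in filenames if f.endswith(".py"))


def build_sample_tree():
    """Constructed sample: one private and one world-writable directory."""
    root = tempfile.mkdtemp()  # created with mode 0700
    private = os.path.join(root, "private")
    shared = os.path.join(root, "shared")
    for d, mode in ((private, 0o755), (shared, 0o777)):
        os.mkdir(d)
        os.chmod(d, mode)  # chmod after mkdir so the umask cannot mask bits
        with open(os.path.join(d, "script.py"), "w") as fh:
            fh.write("print('hello')\n")
    return root, private, shared


if __name__ == "__main__":
    root, private, shared = build_sample_tree()
    print("cwd world-writable:", is_world_writable(os.getcwd()))
    for d, files in risky_python_dirs(root):
        print("world-writable:", d, "python files:", files)
```

The sticky bit is deliberately not treated as a mitigation here, since the advisory's condition is only that the directory is world-writable.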