oss-sec mailing list archives

Re: GNU Emacs 25.2 enriched text remote code execution


From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 11 Sep 2017 20:58:57 +0200

Hi Paul,

On Sun, Sep 10, 2017 at 11:56:20PM -0700, Paul Eggert wrote:
> GNU Emacs is an extensible, customizable, free/libre text editor and
> software environment.  When Emacs renders MIME text/enriched data (Internet
> RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based
> mail clients decode "Content-Type: text/enriched", this code is exploitable
> remotely. This bug affects GNU Emacs versions 19.29 through 25.2.
>
> Although we know no efforts to exploit this in the wild, exploitation is easy.
> [...]
> == Timeline ==
>
> 2017-09-04. Bug reported to the Emacs bug tracker by Charles A. Roelli.
>
> 2017-09-07. POC for remote code execution sent to the maintainers of Emacs
> and Gnus (Reiner Steib <Reiner.Steib () gmx de>, private mail).
>
> 2017-09-08. Patch (by Lars Ingebrigtsen <larsi () gnus org>) to disable the
> problematic code and mitigation (private mail).
>
> 2017-09-09. Patch committed in main development repository.

Have you requested a CVE for this issue?

Regards,
Salvatore

