PT-2010-2551 · Gnu · Emacs

Dan Rosenberg

Published

2010-04-05

Updated

2017-08-17

CVE-2010-0825

CVSS v2.0

4.4

Medium

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions emacs versions 22 through 23

Description The issue allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks in the movemail component.

Recommendations For emacs versions 22 through 23, consider restricting access to the movemail component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2010-0825

Affected Products

Emacs

PT-2010-2551 · Gnu · Emacs

CVE-2010-0825

Weakness Enumeration

Related Identifiers

Affected Products

References · 11