Local Variable Modification Vulnerability in Emacs by GNU
CVE-2007-5795

Currently unrated

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 2 November 2007

Summary

The hack-local-variables function in Emacs prior to version 22.2, when configured with enable-local-variables set to :safe, fails to adequately validate lists of unsafe and risky variables. This oversight enables attackers, who manipulate a file with a Local Variables declaration, to circumvent restrictions and alter sensitive program variables, posing potential security risks within the environment.

References

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

x_refsource_CONFIRM

http://secunia.com/advisories/27984

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 2, 2007
Vulnerability Reserved
Nov 2, 2007