Local File Overwrite Vulnerability in GNU Emacs by GNU
CVE-2014-3422

Currently unrated

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 8 May 2014

Summary

The vulnerability in GNU Emacs pertains to the potential for local users to exploit predictable temporary filenames in the 'find-gc.el' module. This allows attackers to create a symlink from a temporary file in /tmp/esrc/ to any arbitrary file, resulting in unintentional file manipulation or overwrite. Specifically, users running GNU Emacs versions up to 24.3 are at risk if they encounter a scenario where temporary files are not securely handled, permitting unauthorized access to the system's file structure.

References

http://openwall.com/lists/oss-security/2014/05/07/7

mailing-listx_refsource_MLIST

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://advisories.mageia.org/MGASA-2014-0250.html

x_refsource_CONFIRM

Timeline

Vulnerability published
May 8, 2014
Vulnerability Reserved
May 7, 2014