Backup File Permission Issue in GNU Emacs by GNU
CVE-2017-1000383

5.5MEDIUM

Key Information:

Vendor: Gnu
Status: Emacs
Vendor: CVE Published:; 31 October 2017

Summary

A file permission vulnerability exists in GNU Emacs versions, specifically starting from version 25.3.1, where the application neglects the umask settings when creating backup save files. This issue results in backup files being created with permissions that may allow unintended global access, potentially exposing sensitive information. Users running Emacs may inadvertently create files that are world-readable, thereby compromising the security of their information.

References

http://www.openwall.com/lists/oss-security/2017/10/31/1

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/101671

vdb-entryx_refsource_BID

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 31, 2017
Vulnerability Reserved
Oct 31, 2017