Title: Emacs flim Library Insecure Temporary File Creation Vulnerability
Severity: MODERATE
Description:
Emacs is a widely used, freely available text editor, maintained by the Free Software Foundation.
A Symbolic link vulnerability has been reported within the Emacs flim library. This library is used by Emacs for working with Internet messages.
The problem exists because flim creates temporary files in an insecure manner. A local user could exploit this vulnerability to cause files to be overwritten with the privileges of the user running Emacs.
Affected Products:
- Debian Linux 3.0.0
- Debian Linux 3.0.0 alpha
- Debian Linux 3.0.0 arm
- Debian Linux 3.0.0 hppa
- Debian Linux 3.0.0 ia-32
- Debian Linux 3.0.0 ia-64
- Debian Linux 3.0.0 m68k
- Debian Linux 3.0.0 mips
- Debian Linux 3.0.0 mipsel
- Debian Linux 3.0.0 ppc
- Debian Linux 3.0.0 s/390
- Debian Linux 3.0.0 sparc
- GNU Emacs 20.0.0
- GNU Emacs 20.1.0
- GNU Emacs 20.2.0
- GNU Emacs 20.3.0
- GNU Emacs 20.4.0
- GNU Emacs 20.5.0
- GNU Emacs 20.6.0
- GNU Emacs 20.6.0
- GNU Emacs 21.2.0
- MandrakeSoft Linux Mandrake 6.0.0
- MandrakeSoft Linux Mandrake 6.1.0
- MandrakeSoft Linux Mandrake 7.0.0
- RedHat Fedora Core2
- RedHat Linux 6.2.0 i386
References:
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
