Title: Emacs Local Variable Arbitrary Command Execution Vulnerability
Severity: HIGH
Description:
Emacs is a widely used, freely available text editor maintained by the Free Software Foundation.
Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input.
Local variables are directives placed in a text file that tell the editor how to handle that file. They are usually used to specify settings such as file formatting.
By modifying a text file to include local variables containing an 'eval' statement, attackers may cause arbitrary commands to be executed.
This vulnerability allows an attacker to execute arbitrary commands with the privileges of the user running Emacs. This gives an attacker the ability to gain remote access to computers running the vulnerable software.
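A triage check for files received from untrusted sources, added here as an example and not part of the original advisory: it lists the file-local variables a file declares and reports any 'eval' entries before the file is opened in Emacs. The function names and the sample file are constructed for illustration, and the parsing approximates Emacs's documented first-line and trailing-block syntax rather than reproducing it exactly.

```python
import re

TAIL_CHARS = 3000  # Emacs only looks for the block near the end of the file
HEADER_RE = re.compile(r"^(.*?)Local Variables:(.*)$", re.IGNORECASE)
FIRST_LINE_RE = re.compile(r"-\*-(.*?)-\*-")

def file_local_variables(text):
    """Return (name, value, where) for each file-local variable in text."""
    found = []
    lines = text.splitlines()
    # Form 1: "-*- name: value; ... -*-" on line 1 (line 2 after a "#!" line).
    head = lines[1:2] if lines and lines[0].startswith("#!") else lines[:1]
    for line in head:
        m = FIRST_LINE_RE.search(line)
        for item in (m.group(1).split(";") if m else []):
            name, sep, value = item.partition(":")
            if sep:
                found.append((name.strip().lower(), value.strip(), "first-line"))
    # Form 2: a trailing block; every line carries the same prefix/suffix as
    # the header line (usually the host language's comment delimiters).
    tail = text[-TAIL_CHARS:].splitlines()
    start = next((i for i, l in enumerate(tail) if HEADER_RE.match(l)), None)
    if start is not None:  # this sketch uses the first header found in the tail
        m = HEADER_RE.match(tail[start])
        prefix, suffix = m.group(1).strip(), m.group(2).strip()
        for entry in tail[start + 1:]:
            body = entry.strip()
            if prefix and body.startswith(prefix):
                body = body[len(prefix):]
            if suffix and body.endswith(suffix):
                body = body[:-len(suffix)]
            name, sep, value = body.strip().partition(":")
            if sep and name.strip().lower() == "end":
                break
            if sep:
                found.append((name.strip().lower(), value.strip(), "block"))
    return found

def eval_entries(text):
    """Entries that ask Emacs to evaluate Lisp when the file is opened."""
    return [e for e in file_local_variables(text) if e[0] == "eval"]

# Constructed sample file, not taken from the advisory.
SAMPLE = '''Meeting notes, 12 May
# Local Variables:
# mode: text
# eval: (message "hello")
# End:
'''
```

Files it flags can be inspected in another viewer, or opened with local-variable processing turned off through Emacs's `enable-local-variables` and `enable-local-eval` settings.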
Affected Products:
- GNU Emacs 21.2.0
- MandrakeSoft Corporate Server 2.1.0
- MandrakeSoft Corporate Server 2.1.0 x86_64
References:
- Debian: Debian Bug report logs - #286183
- GNU: Emacs Product Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.