CVE-2007-5795

Severity

63%

Complexity

34%

Confidentiality

153%

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

CVSS 2.0 Base Score 6.3. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:N/I:C/A:C).

Overview

First reported 17 years ago

2007-11-02 22:46:00

Last updated 7 years ago

2017-07-29 01:33:00

Affected Software

GNU Emacs

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008

http://bugs.gentoo.org/show_bug.cgi?id=197958

http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29

http://docs.info.apple.com/article.html?artnum=307562

APPLE-SA-2008-03-18

42060

27508

27627

27728

27984

29420

GLSA-200712-03

MDVSA-2008:034

26327

USN-541-1

ADV-2007-3715

ADV-2008-0924

emacs-hacklocalvariables-security-bypass(38263)

FEDORA-2007-3056

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.