CVE-2008-1694 - Improper Link Resolution Before File Access ('Link Following')

Severity

46%

Complexity

39%

Confidentiality

106%

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

GNU Emacs

First reported 17 years ago

2008-04-22 04:41:00

Last updated 6 years ago

2018-10-03 21:54:00

Affected Software

GNU Emacs 20.7

20.7

GNU Emacs 21.1

21.1

GNU Emacs 21.2

21.2

GNU Emacs 21.3

21.3

GNU Emacs 21.4

21.4

References

http://bugs.gentoo.org/show_bug.cgi?id=216880

29905

29926

30109

MDVSA-2008:096

28857

1019909

ADV-2008-1309

ADV-2008-1310

https://bugzilla.redhat.com/show_bug.cgi?id=208483

xemacs-gnuemacs-vcdiff-symlink(41906)

USN-607-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.