CVE-2010-0825

Severity

44%

Complexity

34%

Confidentiality

106%

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

GNU Emacs

First reported 14 years ago

2010-04-05 15:30:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

GNU Emacs 22.1

22.1

GNU Emacs 22.2

22.2

GNU Emacs 22.3

22.3

GNU Emacs 23.1

23.1

References

39155

Vendor Advisory

MDVSA-2010:083

USN-919-1

ADV-2010-0734

Vendor Advisory

ADV-2010-0952

https://bugs.launchpad.net/ubuntu/+bug/531569

emacs-emailhelper-symlink(57457)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.