ID CVE-2012-3479
Summary lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.
References
Vulnerable Configurations
  • GNU Emacs 23.2
    cpe:2.3:a:gnu:emacs:23.2
  • GNU Emacs 23.3
    cpe:2.3:a:gnu:emacs:23.3
  • GNU Emacs 23.4
    cpe:2.3:a:gnu:emacs:23.4
  • GNU Emacs 24.1
    cpe:2.3:a:gnu:emacs:24.1
CVSS
Base: 6.8 (as of 27-08-2012 - 10:44)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2603.NASL
    description Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to 'safe'.
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 63456
    published 2013-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63456
    title Debian DSA-2603-1 : emacs23 - programming error
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201403-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-201403-05 (GNU Emacs: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory (CVE-2012-0035). When ‘enable-local-variables’’ is set to ‘:safe’, Emacs automatically processes eval forms (CVE-2012-3479). Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 73127
    published 2014-03-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73127
    title GLSA-201403-05 : GNU Emacs: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11872.NASL
    description CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-20
    plugin id 61633
    published 2012-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61633
    title Fedora 16 : emacs-23.3-10.fc16 (2012-11872)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-228-02.NASL
    description New emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
    last seen 2018-09-02
    modified 2014-03-21
    plugin id 61553
    published 2012-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61553
    title Slackware 13.1 / 13.37 / current : emacs (SSA:2012-228-02)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_EMACS_20140731.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. (CVE-2012-3479)
    last seen 2019-01-16
    modified 2018-11-15
    plugin id 80603
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80603
    title Oracle Solaris Third-Party Patch Update : emacs (cve_2012_3479_arbitrary_code)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1586-1.NASL
    description Hiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-0035) Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a user were tricked into opening a specially crafted file with Emacs, a remote attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-3479). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-12-01
    plugin id 62365
    published 2012-09-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62365
    title Ubuntu 11.10 / 12.04 LTS : emacs23 vulnerabilities (USN-1586-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-710.NASL
    description This update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs : - Add fix for bnc#775993 which disable arbitrary lisp code execution when 'enable-local-variables' is set to ':safe' (CVE-2012-3479) - Add fix for bnc#780653 to allow emacs to parse tar archives with PAX extended headers - This update also upgrades emacs to version 24.1 : - Support for Gtk+3.0, GnuTLS, ImageMagick, libxml2, and SELinux - Support for wide integer (62 bits) in lisp even on 32-bit machines. - The --unibyte, --multibyte, --no-multibyte, and --no-unibyte command line arguments, and the EMACS_UNIBYTE environment variable, no longer have any effect. - And many more changes see /usr/share/emacs/24.1/etc/NEWS - Remove obsolete patches - Refresh some others patches emacs-w3 : - (condition-case ...) and (eval-when (compile) ...) will not work together gnuplot : - Resolve the former problem by using texlive-texinfo to enforce installing required fonts as well as required tools for TL 2012 - add more texlive 2012 requirements - Make it build with latest TeXLive 2012 with new package layout - Convert gnuplot.el to new backtick lisp scheme for emacs 24.1 ddskk : - Update to ddskk-14.4 and skkdic-20110529 - Take some patches from Debian as well add some own patches - Drop superfluous patches
    last seen 2019-01-16
    modified 2018-11-10
    plugin id 74780
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74780
    title openSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-11876.NASL
    description CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe' Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2015-10-20
    plugin id 61634
    published 2012-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61634
    title Fedora 17 : emacs-24.1-4.fc17 (2012-11876)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-076.NASL
    description Updated emacs packages fix security vulnerabilities : Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file (CVE-2012-0035). lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file (CVE-2012-3479). Additionally a problem was fixed reading xz compressed files (mga#7759).
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 66090
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66090
    title Mandriva Linux Security Advisory : emacs (MDVSA-2013:076)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_C1E5F35EF93D11E1B07F00235A5F2C9A.NASL
    description Chong Yidong reports : Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to the bug, Emacs instead automatically evaluates such `eval' forms. Thus, if the user changes the value of `enable-local-variables' to `:safe', visiting a malicious file can cause automatic execution of arbitrary Emacs Lisp code with the permissions of the user. The bug is present in Emacs 23.2, 23.3, 23.4, and 24.1.
    last seen 2019-01-16
    modified 2018-11-23
    plugin id 62023
    published 2012-09-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62023
    title FreeBSD : emacs -- remote code execution vulnerability (c1e5f35e-f93d-11e1-b07f-00235a5f2c9a)
refmap via4
bid 54969
confirm http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155
debian DSA-2603
mandriva MDVSA-2013:076
mlist
  • [oss-security] 20120812 Re: Security flaw in GNU Emacs file-local variables
  • [oss-security] 20120813 Security flaw in GNU Emacs file-local variables
sectrack 1027375
secunia
  • 50157
  • 50801
slackware SSA:2012-228-02
suse openSUSE-SU-2012:1348
ubuntu USN-1586-1
Last major update 13-12-2013 - 00:03
Published 25-08-2012 - 06:29
Back to Top