cvelistv5 - cve-2007-5795

CVE-2007-5795 (GCVE-0-2007-5795)

Vulnerability from cvelistv5

Published

2007-11-02 22:00

Modified

2024-08-07 15:46

Severity ?

CWE

Summary

The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

References

URL

Tags

	secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
	secalert@redhat.com	http://bugs.gentoo.org/show_bug.cgi?id=197958
	secalert@redhat.com	http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29
	secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=307562
	secalert@redhat.com	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	secalert@redhat.com	http://osvdb.org/42060
	secalert@redhat.com	http://secunia.com/advisories/27508
	secalert@redhat.com	http://secunia.com/advisories/27627
	secalert@redhat.com	http://secunia.com/advisories/27728
	secalert@redhat.com	http://secunia.com/advisories/27984
	secalert@redhat.com	http://secunia.com/advisories/29420
	secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200712-03.xml
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
	secalert@redhat.com	http://www.securityfocus.com/bid/26327
	secalert@redhat.com	http://www.ubuntu.com/usn/usn-541-1
	secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3715
	secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0924/references
	secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38263
	secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=197958
	af854a3a-2127-422b-91ae-364da2661108	http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29
	af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/42060
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27508
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27627
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27728
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27984
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200712-03.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26327
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-541-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3715
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38263
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:46:59.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2007-3056",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
          },
          {
            "name": "27984",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27984"
          },
          {
            "name": "emacs-hacklocalvariables-security-bypass(38263)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
          },
          {
            "name": "27728",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27728"
          },
          {
            "name": "ADV-2008-0924",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "ADV-2007-3715",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3715"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
          },
          {
            "name": "42060",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/42060"
          },
          {
            "name": "USN-541-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-541-1"
          },
          {
            "name": "29420",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "MDVSA-2008:034",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
          },
          {
            "name": "26327",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26327"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
          },
          {
            "name": "GLSA-200712-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "27508",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27508"
          },
          {
            "name": "27627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27627"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2007-3056",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
        },
        {
          "name": "27984",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27984"
        },
        {
          "name": "emacs-hacklocalvariables-security-bypass(38263)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
        },
        {
          "name": "27728",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27728"
        },
        {
          "name": "ADV-2008-0924",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0924/references"
        },
        {
          "name": "ADV-2007-3715",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3715"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
        },
        {
          "name": "42060",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/42060"
        },
        {
          "name": "USN-541-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-541-1"
        },
        {
          "name": "29420",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29420"
        },
        {
          "name": "APPLE-SA-2008-03-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
        },
        {
          "name": "MDVSA-2008:034",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
        },
        {
          "name": "26327",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26327"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
        },
        {
          "name": "GLSA-200712-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://docs.info.apple.com/article.html?artnum=307562"
        },
        {
          "name": "27508",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27508"
        },
        {
          "name": "27627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27627"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-5795",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2007-3056",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008",
              "refsource": "CONFIRM",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
            },
            {
              "name": "27984",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27984"
            },
            {
              "name": "emacs-hacklocalvariables-security-bypass(38263)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
            },
            {
              "name": "27728",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27728"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2007-3715",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3715"
            },
            {
              "name": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29",
              "refsource": "CONFIRM",
              "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
            },
            {
              "name": "42060",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/42060"
            },
            {
              "name": "USN-541-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/usn-541-1"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "MDVSA-2008:034",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
            },
            {
              "name": "26327",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26327"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=197958",
              "refsource": "CONFIRM",
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
            },
            {
              "name": "GLSA-200712-03",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "27508",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27508"
            },
            {
              "name": "27627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27627"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-5795",
    "datePublished": "2007-11-02T22:00:00",
    "dateReserved": "2007-11-02T00:00:00",
    "dateUpdated": "2024-08-07T15:46:59.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5795\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2007-11-02T22:46:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n hack-local-variables en el Emacs anterior al 22.2, cuando el enable-local-variables est\u00e1 establecido a :safe, no busca correctamente las listas de las variables no seguras o de riesgo, lo que permite a permite a atacantes con la intervenci\u00f3n del usuario evitar las restricciones y modificar variables de programa cr\u00edticas a trav\u00e9s de un fichero que contiene declaraciones de variables Locales.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:C/A:C\",\"baseScore\":6.3,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":9.2,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C8919F1-CD33-437E-9627-69352B276BA3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"22.1\",\"matchCriteriaId\":\"F4FB1FAE-4C0F-4F1E-B2D8-C56B5603937D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"22.1\",\"matchCriteriaId\":\"F4FB1FAE-4C0F-4F1E-B2D8-C56B5603937D\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=197958\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://osvdb.org/42060\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27508\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27627\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27728\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/27984\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200712-03.xml\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:034\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/26327\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/usn-541-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3715\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38263\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=197958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://docs.info.apple.com/article.html?artnum=307562\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/42060\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27508\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27627\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27728\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29420\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.gentoo.org/glsa/glsa-200712-03.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2008:034\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/26327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/usn-541-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/3715\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2008/0924/references\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/38263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect versions of Emacs as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.\",\"lastModified\":\"2007-11-09T00:00:00\"}]}}"
  }
}

opensuse-su-2024:10735-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

emacs-27.2-6.2 on GA media

Notes

Title of the patch

emacs-27.2-6.2 on GA media

Description of the patch

These are all security issues fixed in the emacs-27.2-6.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10735

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "emacs-27.2-6.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the emacs-27.2-6.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10735",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10735-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2007-5795 page",
        "url": "https://www.suse.com/security/cve/CVE-2007-5795/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7476 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7476/"
      }
    ],
    "title": "emacs-27.2-6.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10735-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-27.2-6.2.aarch64",
                "product": {
                  "name": "emacs-27.2-6.2.aarch64",
                  "product_id": "emacs-27.2-6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-27.2-6.2.aarch64",
                "product": {
                  "name": "emacs-el-27.2-6.2.aarch64",
                  "product_id": "emacs-el-27.2-6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-27.2-6.2.aarch64",
                "product": {
                  "name": "emacs-info-27.2-6.2.aarch64",
                  "product_id": "emacs-info-27.2-6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-27.2-6.2.aarch64",
                "product": {
                  "name": "emacs-nox-27.2-6.2.aarch64",
                  "product_id": "emacs-nox-27.2-6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-27.2-6.2.aarch64",
                "product": {
                  "name": "emacs-x11-27.2-6.2.aarch64",
                  "product_id": "emacs-x11-27.2-6.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "etags-27.2-6.2.aarch64",
                "product": {
                  "name": "etags-27.2-6.2.aarch64",
                  "product_id": "etags-27.2-6.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-27.2-6.2.ppc64le",
                "product": {
                  "name": "emacs-27.2-6.2.ppc64le",
                  "product_id": "emacs-27.2-6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-27.2-6.2.ppc64le",
                "product": {
                  "name": "emacs-el-27.2-6.2.ppc64le",
                  "product_id": "emacs-el-27.2-6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-27.2-6.2.ppc64le",
                "product": {
                  "name": "emacs-info-27.2-6.2.ppc64le",
                  "product_id": "emacs-info-27.2-6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-27.2-6.2.ppc64le",
                "product": {
                  "name": "emacs-nox-27.2-6.2.ppc64le",
                  "product_id": "emacs-nox-27.2-6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-27.2-6.2.ppc64le",
                "product": {
                  "name": "emacs-x11-27.2-6.2.ppc64le",
                  "product_id": "emacs-x11-27.2-6.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "etags-27.2-6.2.ppc64le",
                "product": {
                  "name": "etags-27.2-6.2.ppc64le",
                  "product_id": "etags-27.2-6.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-27.2-6.2.s390x",
                "product": {
                  "name": "emacs-27.2-6.2.s390x",
                  "product_id": "emacs-27.2-6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-27.2-6.2.s390x",
                "product": {
                  "name": "emacs-el-27.2-6.2.s390x",
                  "product_id": "emacs-el-27.2-6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-27.2-6.2.s390x",
                "product": {
                  "name": "emacs-info-27.2-6.2.s390x",
                  "product_id": "emacs-info-27.2-6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-27.2-6.2.s390x",
                "product": {
                  "name": "emacs-nox-27.2-6.2.s390x",
                  "product_id": "emacs-nox-27.2-6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-27.2-6.2.s390x",
                "product": {
                  "name": "emacs-x11-27.2-6.2.s390x",
                  "product_id": "emacs-x11-27.2-6.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "etags-27.2-6.2.s390x",
                "product": {
                  "name": "etags-27.2-6.2.s390x",
                  "product_id": "etags-27.2-6.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "emacs-27.2-6.2.x86_64",
                "product": {
                  "name": "emacs-27.2-6.2.x86_64",
                  "product_id": "emacs-27.2-6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-el-27.2-6.2.x86_64",
                "product": {
                  "name": "emacs-el-27.2-6.2.x86_64",
                  "product_id": "emacs-el-27.2-6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-info-27.2-6.2.x86_64",
                "product": {
                  "name": "emacs-info-27.2-6.2.x86_64",
                  "product_id": "emacs-info-27.2-6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-nox-27.2-6.2.x86_64",
                "product": {
                  "name": "emacs-nox-27.2-6.2.x86_64",
                  "product_id": "emacs-nox-27.2-6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "emacs-x11-27.2-6.2.x86_64",
                "product": {
                  "name": "emacs-x11-27.2-6.2.x86_64",
                  "product_id": "emacs-x11-27.2-6.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "etags-27.2-6.2.x86_64",
                "product": {
                  "name": "etags-27.2-6.2.x86_64",
                  "product_id": "etags-27.2-6.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64"
        },
        "product_reference": "emacs-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le"
        },
        "product_reference": "emacs-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-27.2-6.2.s390x"
        },
        "product_reference": "emacs-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64"
        },
        "product_reference": "emacs-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64"
        },
        "product_reference": "emacs-el-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le"
        },
        "product_reference": "emacs-el-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x"
        },
        "product_reference": "emacs-el-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-el-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64"
        },
        "product_reference": "emacs-el-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64"
        },
        "product_reference": "emacs-info-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le"
        },
        "product_reference": "emacs-info-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x"
        },
        "product_reference": "emacs-info-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-info-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64"
        },
        "product_reference": "emacs-info-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64"
        },
        "product_reference": "emacs-nox-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le"
        },
        "product_reference": "emacs-nox-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x"
        },
        "product_reference": "emacs-nox-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-nox-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64"
        },
        "product_reference": "emacs-nox-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64"
        },
        "product_reference": "emacs-x11-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le"
        },
        "product_reference": "emacs-x11-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x"
        },
        "product_reference": "emacs-x11-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "emacs-x11-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64"
        },
        "product_reference": "emacs-x11-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-27.2-6.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-27.2-6.2.aarch64"
        },
        "product_reference": "etags-27.2-6.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-27.2-6.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le"
        },
        "product_reference": "etags-27.2-6.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-27.2-6.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-27.2-6.2.s390x"
        },
        "product_reference": "etags-27.2-6.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "etags-27.2-6.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
        },
        "product_reference": "etags-27.2-6.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-5795",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2007-5795"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:etags-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:etags-27.2-6.2.s390x",
          "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2007-5795",
          "url": "https://www.suse.com/security/cve/CVE-2007-5795"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 339033 for CVE-2007-5795",
          "url": "https://bugzilla.suse.com/339033"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:etags-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:etags-27.2-6.2.s390x",
            "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2007-5795"
    },
    {
      "cve": "CVE-2017-7476",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7476"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x",
          "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64",
          "openSUSE Tumbleweed:etags-27.2-6.2.aarch64",
          "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le",
          "openSUSE Tumbleweed:etags-27.2-6.2.s390x",
          "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7476",
          "url": "https://www.suse.com/security/cve/CVE-2017-7476"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036636 for CVE-2017-7476",
          "url": "https://bugzilla.suse.com/1036636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037124 for CVE-2017-7476",
          "url": "https://bugzilla.suse.com/1037124"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037125 for CVE-2017-7476",
          "url": "https://bugzilla.suse.com/1037125"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1037142 for CVE-2017-7476",
          "url": "https://bugzilla.suse.com/1037142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:etags-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:etags-27.2-6.2.s390x",
            "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:emacs-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-el-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-info-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-nox-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.s390x",
            "openSUSE Tumbleweed:emacs-x11-27.2-6.2.x86_64",
            "openSUSE Tumbleweed:etags-27.2-6.2.aarch64",
            "openSUSE Tumbleweed:etags-27.2-6.2.ppc64le",
            "openSUSE Tumbleweed:etags-27.2-6.2.s390x",
            "openSUSE Tumbleweed:etags-27.2-6.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-7476"
    }
  ]
}

CERTA-2008-AVI-148

Vulnerability from certfr_avis

None

Description

De multiples vulnérabilités ont été découvertes dans le système d'exploitation Apple Mac OS X. L'exploitation de ces vulnérabilités permet à un individu malveillant diverses actions dont exécuter du code arbitaire à distance, effectuer un déni de service, contourner la politique de sécurité, élever ses privilèges et effectuer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité Apple 307562 pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Apple	N/A	Apple Mac Os X version 10.4.11 et antérieures ;
	Apple	N/A	Apple Mac Os X version 10.5.2 et antérieures.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 307562 du 18 mars 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apple Mac Os X version 10.4.11 et ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Apple Mac Os X version 10.5.2 et ant\u00e9rieures.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le syst\u00e8me\nd\u0027exploitation Apple Mac OS X. L\u0027exploitation de ces vuln\u00e9rabilit\u00e9s\npermet \u00e0 un individu malveillant diverses actions dont ex\u00e9cuter du code\narbitaire \u00e0 distance, effectuer un d\u00e9ni de service, contourner la\npolitique de s\u00e9curit\u00e9, \u00e9lever ses privil\u00e8ges et effectuer une atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Apple 307562 pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-0063",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0063"
    },
    {
      "name": "CVE-2008-0060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0060"
    },
    {
      "name": "CVE-2007-3847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3847"
    },
    {
      "name": "CVE-2007-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6109"
    },
    {
      "name": "CVE-2007-1661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1661"
    },
    {
      "name": "CVE-2008-0882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0882"
    },
    {
      "name": "CVE-2007-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6336"
    },
    {
      "name": "CVE-2007-2799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2799"
    },
    {
      "name": "CVE-2006-3747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3747"
    },
    {
      "name": "CVE-2007-5000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5000"
    },
    {
      "name": "CVE-2008-1089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1089"
    },
    {
      "name": "CVE-2008-0005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0005"
    },
    {
      "name": "CVE-2007-4768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4768"
    },
    {
      "name": "CVE-2008-0059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0059"
    },
    {
      "name": "CVE-2008-1000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1000"
    },
    {
      "name": "CVE-2007-1660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1660"
    },
    {
      "name": "CVE-2007-4568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4568"
    },
    {
      "name": "CVE-2007-3378",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3378"
    },
    {
      "name": "CVE-2008-0052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0052"
    },
    {
      "name": "CVE-2008-0990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0990"
    },
    {
      "name": "CVE-2008-0995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0995"
    },
    {
      "name": "CVE-2007-0898",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0898"
    },
    {
      "name": "CVE-2007-5266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5266"
    },
    {
      "name": "CVE-2008-0055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0055"
    },
    {
      "name": "CVE-2007-1997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1997"
    },
    {
      "name": "CVE-2007-1659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1659"
    },
    {
      "name": "CVE-2007-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6337"
    },
    {
      "name": "CVE-2008-0044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0044"
    },
    {
      "name": "CVE-2008-0045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0045"
    },
    {
      "name": "CVE-2007-5971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5971"
    },
    {
      "name": "CVE-2008-0046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0046"
    },
    {
      "name": "CVE-2008-0047",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0047"
    },
    {
      "name": "CVE-2007-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6335"
    },
    {
      "name": "CVE-2007-5267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5267"
    },
    {
      "name": "CVE-2007-3725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3725"
    },
    {
      "name": "CVE-2008-0054",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0054"
    },
    {
      "name": "CVE-2008-0996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0996"
    },
    {
      "name": "CVE-2007-5268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5268"
    },
    {
      "name": "CVE-2007-6203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6203"
    },
    {
      "name": "CVE-2008-0051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0051"
    },
    {
      "name": "CVE-2007-3799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3799"
    },
    {
      "name": "CVE-2008-0048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0048"
    },
    {
      "name": "CVE-2007-1662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1662"
    },
    {
      "name": "CVE-2006-3334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3334"
    },
    {
      "name": "CVE-2008-0998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0998"
    },
    {
      "name": "CVE-2007-0897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0897"
    },
    {
      "name": "CVE-2008-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0318"
    },
    {
      "name": "CVE-2007-6429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6429"
    },
    {
      "name": "CVE-2007-4510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4510"
    },
    {
      "name": "CVE-2007-5269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5269"
    },
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    },
    {
      "name": "CVE-2008-0006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0006"
    },
    {
      "name": "CVE-2008-0062",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0062"
    },
    {
      "name": "CVE-2008-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0728"
    },
    {
      "name": "CVE-2007-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2445"
    },
    {
      "name": "CVE-2008-0049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0049"
    },
    {
      "name": "CVE-2007-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1745"
    },
    {
      "name": "CVE-2007-6427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6427"
    },
    {
      "name": "CVE-2008-0987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0987"
    },
    {
      "name": "CVE-2008-0993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0993"
    },
    {
      "name": "CVE-2008-0988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0988"
    },
    {
      "name": "CVE-2008-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0056"
    },
    {
      "name": "CVE-2008-0992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0992"
    },
    {
      "name": "CVE-2006-5793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5793"
    },
    {
      "name": "CVE-2007-6428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6428"
    },
    {
      "name": "CVE-2008-0989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0989"
    },
    {
      "name": "CVE-2005-3352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3352"
    },
    {
      "name": "CVE-2008-0053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0053"
    },
    {
      "name": "CVE-2007-4767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4767"
    },
    {
      "name": "CVE-2008-0050",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0050"
    },
    {
      "name": "CVE-2007-5958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5958"
    },
    {
      "name": "CVE-2006-6481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-6481"
    },
    {
      "name": "CVE-2008-0994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0994"
    },
    {
      "name": "CVE-2007-6421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6421"
    },
    {
      "name": "CVE-2008-0058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0058"
    },
    {
      "name": "CVE-2007-4752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4752"
    },
    {
      "name": "CVE-2008-0999",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0999"
    },
    {
      "name": "CVE-2007-4560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4560"
    },
    {
      "name": "CVE-2007-4990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4990"
    },
    {
      "name": "CVE-2007-4766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4766"
    },
    {
      "name": "CVE-2007-6388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6388"
    },
    {
      "name": "CVE-2008-0596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0596"
    },
    {
      "name": "CVE-2007-4887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4887"
    }
  ],
  "initial_release_date": "2008-03-19T00:00:00",
  "last_revision_date": "2008-03-19T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-03-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Apple Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 307562 du 18 mars 2008",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    }
  ]
}

CERTA-2007-AVI-479

Vulnerability from certfr_avis

Une erreur dans le traitement de certains fichiers permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Une erreur de traitement dans la fonction hack-local-variables est exploitable par un utilisateur malveillant pour modifier le fichier user-init-file d'un utilisateur et ensuite exécuter du code Lisp pour Emacs.

La vulnérabilité n'est exploitable que si le paramètre enable-local-variables est positionné à :safe.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

GNU Emacs, versions 22.x.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Rapport d'erreur Debian 449008	None	vendor-advisory
Site du CVS Emacs :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eGNU Emacs, versions 22.x.\u003c/p\u003e",
  "content": "## Description\n\nUne erreur de traitement dans la fonction hack-local-variables est\nexploitable par un utilisateur malveillant pour modifier le fichier\nuser-init-file d\u0027un utilisateur et ensuite ex\u00e9cuter du code Lisp pour\nEmacs.\n\nLa vuln\u00e9rabilit\u00e9 n\u0027est exploitable que si le param\u00e8tre\nenable-local-variables est positionn\u00e9 \u00e0 :safe.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-5795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5795"
    }
  ],
  "initial_release_date": "2007-11-06T00:00:00",
  "last_revision_date": "2007-11-06T00:00:00",
  "links": [
    {
      "title": "Site du CVS Emacs :",
      "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
    }
  ],
  "reference": "CERTA-2007-AVI-479",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une erreur dans le traitement de certains fichiers permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de GNU Emacs",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport d\u0027erreur Debian 449008",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
    }
  ]
}

ghsa-qf2q-r4v7-rv34

Vulnerability from github

Published

2022-05-01 18:36

Modified

2022-05-01 18:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5795"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-11-02T22:46:00Z",
    "severity": "MODERATE"
  },
  "details": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.",
  "id": "GHSA-qf2q-r4v7-rv34",
  "modified": "2022-05-01T18:36:45Z",
  "published": "2022-05-01T18:36:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5795"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
    },
    {
      "type": "WEB",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
    },
    {
      "type": "WEB",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
    },
    {
      "type": "WEB",
      "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
    },
    {
      "type": "WEB",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/42060"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27508"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27627"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27728"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27984"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/26327"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-541-1"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/3715"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2007-5795

Vulnerability from fkie_nvd

Published

2007-11-02 22:46

Modified

2025-04-09 00:30

Severity ?

Summary

References

	URL	Tags
	secalert@redhat.com	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
	secalert@redhat.com	http://bugs.gentoo.org/show_bug.cgi?id=197958
	secalert@redhat.com	http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29
	secalert@redhat.com	http://docs.info.apple.com/article.html?artnum=307562
	secalert@redhat.com	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	secalert@redhat.com	http://osvdb.org/42060
	secalert@redhat.com	http://secunia.com/advisories/27508
	secalert@redhat.com	http://secunia.com/advisories/27627
	secalert@redhat.com	http://secunia.com/advisories/27728
	secalert@redhat.com	http://secunia.com/advisories/27984
	secalert@redhat.com	http://secunia.com/advisories/29420
	secalert@redhat.com	http://security.gentoo.org/glsa/glsa-200712-03.xml
	secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
	secalert@redhat.com	http://www.securityfocus.com/bid/26327
	secalert@redhat.com	http://www.ubuntu.com/usn/usn-541-1
	secalert@redhat.com	http://www.vupen.com/english/advisories/2007/3715
	secalert@redhat.com	http://www.vupen.com/english/advisories/2008/0924/references
	secalert@redhat.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/38263
	secalert@redhat.com	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008
	af854a3a-2127-422b-91ae-364da2661108	http://bugs.gentoo.org/show_bug.cgi?id=197958
	af854a3a-2127-422b-91ae-364da2661108	http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29
	af854a3a-2127-422b-91ae-364da2661108	http://docs.info.apple.com/article.html?artnum=307562
	af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
	af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/42060
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27508
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27627
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27728
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27984
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29420
	af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200712-03.xml
	af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:034
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/26327
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-541-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/3715
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/0924/references
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/38263
	af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html

Impacted products

Vendor	Product	Version
debian	debian_linux	*
gnu	emacs	*
gnu	emacs	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8919F1-CD33-437E-9627-69352B276BA3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FB1FAE-4C0F-4F1E-B2D8-C56B5603937D",
              "versionEndIncluding": "22.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FB1FAE-4C0F-4F1E-B2D8-C56B5603937D",
              "versionEndIncluding": "22.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n hack-local-variables en el Emacs anterior al 22.2, cuando el enable-local-variables est\u00e1 establecido a :safe, no busca correctamente las listas de las variables no seguras o de riesgo, lo que permite a permite a atacantes con la intervenci\u00f3n del usuario evitar las restricciones y modificar variables de programa cr\u00edticas a trav\u00e9s de un fichero que contiene declaraciones de variables Locales."
    }
  ],
  "id": "CVE-2007-5795",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-02T22:46:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/42060"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27508"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27627"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27728"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27984"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/26327"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-541-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/3715"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://docs.info.apple.com/article.html?artnum=307562"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/42060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27627"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/29420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-541-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0924/references"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "Not vulnerable. This issue did not affect versions of Emacs as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.",
      "lastModified": "2007-11-09T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2007-5795

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-5795

Aliases

CVE-2007-5795

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5795",
    "description": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.",
    "id": "GSD-2007-5795",
    "references": [
      "https://www.suse.com/security/cve/CVE-2007-5795.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5795"
      ],
      "details": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.",
      "id": "GSD-2007-5795",
      "modified": "2023-12-13T01:21:40.962349Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2007-5795",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "FEDORA-2007-3056",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
          },
          {
            "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008",
            "refsource": "CONFIRM",
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
          },
          {
            "name": "27984",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27984"
          },
          {
            "name": "emacs-hacklocalvariables-security-bypass(38263)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
          },
          {
            "name": "27728",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27728"
          },
          {
            "name": "ADV-2008-0924",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/0924/references"
          },
          {
            "name": "ADV-2007-3715",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/3715"
          },
          {
            "name": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29",
            "refsource": "CONFIRM",
            "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
          },
          {
            "name": "42060",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/42060"
          },
          {
            "name": "USN-541-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/usn-541-1"
          },
          {
            "name": "29420",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29420"
          },
          {
            "name": "APPLE-SA-2008-03-18",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
          },
          {
            "name": "MDVSA-2008:034",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
          },
          {
            "name": "26327",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/26327"
          },
          {
            "name": "http://bugs.gentoo.org/show_bug.cgi?id=197958",
            "refsource": "CONFIRM",
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
          },
          {
            "name": "GLSA-200712-03",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
          },
          {
            "name": "http://docs.info.apple.com/article.html?artnum=307562",
            "refsource": "CONFIRM",
            "url": "http://docs.info.apple.com/article.html?artnum=307562"
          },
          {
            "name": "27508",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27508"
          },
          {
            "name": "27627",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27627"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:debian:debian_linux:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "22.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "22.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2007-5795"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008"
            },
            {
              "name": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28\u0026r2=1.896.2.29"
            },
            {
              "name": "http://bugs.gentoo.org/show_bug.cgi?id=197958",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://bugs.gentoo.org/show_bug.cgi?id=197958"
            },
            {
              "name": "FEDORA-2007-3056",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00524.html"
            },
            {
              "name": "GLSA-200712-03",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200712-03.xml"
            },
            {
              "name": "USN-541-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/usn-541-1"
            },
            {
              "name": "26327",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/26327"
            },
            {
              "name": "27508",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27508"
            },
            {
              "name": "27627",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27627"
            },
            {
              "name": "27728",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27728"
            },
            {
              "name": "27984",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/27984"
            },
            {
              "name": "MDVSA-2008:034",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:034"
            },
            {
              "name": "http://docs.info.apple.com/article.html?artnum=307562",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://docs.info.apple.com/article.html?artnum=307562"
            },
            {
              "name": "APPLE-SA-2008-03-18",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
            },
            {
              "name": "29420",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/29420"
            },
            {
              "name": "42060",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/42060"
            },
            {
              "name": "ADV-2008-0924",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/0924/references"
            },
            {
              "name": "ADV-2007-3715",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/3715"
            },
            {
              "name": "emacs-hacklocalvariables-security-bypass(38263)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38263"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 9.2,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-11-02T22:46Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-5795 (GCVE-0-2007-5795)

Vulnerability from cvelistv5

opensuse-su-2024:10735-1

Vulnerability from csaf_opensuse

CERTA-2008-AVI-148

Vulnerability from certfr_avis

Description

Solution

CERTA-2007-AVI-479

Vulnerability from certfr_avis

Description

Solution

ghsa-qf2q-r4v7-rv34

Vulnerability from github

fkie_cve-2007-5795

Vulnerability from fkie_nvd

gsd-2007-5795

Vulnerability from gsd

Tags

Sightings

Nomenclature