Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2017-1000383  

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible data.

Source
Severity Low

Remote No

Type Information disclosure

Description 

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible data.

AVG-637 emacs-nox 26.1-1 Low Vulnerable

AVG-636 emacs 26.1-2 Low Vulnerable 

http://www.openwall.com/lists/oss-security/2017/10/31/1
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182

Reading the comments, this will most likely never get fixed upstream.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started