CVE-2010-0825

Published: 05/04/2010 Updated: 17/08/2017
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

Vulnerable Product

gnu emacs 22.1

gnu emacs 23.1

gnu emacs 22.3

gnu emacs 22.2

Vendor Advisories

Dan Rosenberg discovered that the email helper in Emacs did not correctly check file permissions. A local attacker could perform a symlink race to read or append to another user’s mailbox if it was stored under a group-writable group-“mail” directory ...
Debian Bug report logs - #590301: emacs22: CVE-2010-0825 movemail vulnerable to symlink attacks due to race condition. Package: emacs22; Maintainer for emacs22 is Rob Browning <rlb@defaultvalue.org>; Source for emacs22 is src:emacs. Reported by: Nico Golde <nion@debian.org>. Date: Sun, 25 Jul 2010 1 ...