CVE-2017-1000383

Published: 31/10/2017 Updated: 27/11/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.
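
A defensive check for the condition described above, as an added example that is not part of the original advisory or of Emacs itself: it lists backup files ("NAME~") that group or others can read and can strip that access. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory tree for Emacs backup files ("NAME~")
# whose mode grants read access to group or others, regardless of umask.

# Print every backup file under DIR (default: .) readable by group or others.
list_exposed_backups() {
    dir=${1:-.}
    find "$dir" -type f -name '*~' \( -perm -040 -o -perm -004 \) -print
}

# Remove all group/other access from those files; prints each path changed.
tighten_backups() {
    dir=${1:-.}
    find "$dir" -type f -name '*~' \( -perm -040 -o -perm -004 \) \
        -exec chmod go-rwx {} \; -print
}

# Constructed sample tree: one backup left at 0644 (as if it inherited the
# original file's mode), one already private, and one ordinary file.
make_sample_tree() {
    d=$(mktemp -d)
    printf 'secret\n' > "$d/notes.txt~" && chmod 644 "$d/notes.txt~"
    printf 'secret\n' > "$d/key.pem~"   && chmod 600 "$d/key.pem~"
    printf 'public\n' > "$d/readme.txt" && chmod 644 "$d/readme.txt"
    printf '%s\n' "$d"
}
```

Run `list_exposed_backups "$HOME"` to review findings before calling `tighten_backups` on the same path.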

Vulnerable Product

gnu emacs

Vendor Advisories

It was found that emacs applies the opened file read permissions to the swap file, overriding the process' umask. An attacker might search for vim swap files, that were not deleted properly, in order to retrieve sensible data ...

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary. An attacker might search for emacs backup save files in order to retrieve security sensible ...