CVE-2012-0035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0035
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html Patch
http://openwall.com/lists/oss-security/2012/01/10/2 Patch
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311 Vendor Advisory
http://secunia.com/advisories/47515 Vendor Advisory
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
History

No history.

Information

Published : 2012-01-19 15:55

Updated : 2024-02-28 11:41

NVD link : CVE-2012-0035

Mitre link : CVE-2012-0035

CVE.ORG link : CVE-2012-0035

JSON object : View

Products Affected

eric_m_ludlam

  • cedet

gnu

  • emacs
CWE
NVD-CWE-Other

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024