Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Eric M Ludlam
  • Cedet
Gnu
  • Emacs

Configuration 1 [-]

OR cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html Patch
http://openwall.com/lists/oss-security/2012/01/10/2 Patch
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311 Vendor Advisory
http://secunia.com/advisories/47515 Vendor Advisory
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2012-01-19T15:00:00

Updated: 2018-12-07T10:57:01

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0035

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2012-01-19T15:55:00.943

Modified: 2018-12-07T11:29:00.277

Link: CVE-2012-0035

JSON object: View

cve-icon Redhat Information

No data.

CWE