CVE-2017-14482 - OpenCVE

GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted "Content-Type: text/enriched" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article).

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Gnu	Emacs

Configuration 1 [-]

cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.debian.org/security/2017/dsa-3975
http://www.openwall.com/lists/oss-security/2017/09/11/1	Mailing List Patch Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2771
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350	Issue Tracking Mailing List Patch Vendor Advisory
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70	Issue Tracking Patch Third Party Advisory
https://security.gentoo.org/glsa/201801-07
https://www.debian.org/security/2017/dsa-3970	Third Party Advisory
https://www.gnu.org/software/emacs/index.html#Releases	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-09-14T16:00:00

Updated: 2018-01-08T10:57:02

Reserved: 2017-09-14T00:00:00

Link: CVE-2017-14482

JSON object: View

NVD Information

Status : Modified

Published: 2017-09-14T16:29:00.250

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-14482

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-09-14T00:00:00", "descriptions": [{"lang": "en", "value": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-01-08T10:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3975", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3975"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70"}, {"name": "DSA-3970", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2017/dsa-3970"}, {"name": "GLSA-201801-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201801-07"}, {"name": "RHSA-2017:2771", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2771"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.gnu.org/software/emacs/index.html#Releases"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.openwall.com/lists/oss-security/2017/09/11/1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14482", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3975", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3975"}, {"name": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70", "refsource": "CONFIRM", "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70"}, {"name": "DSA-3970", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2017/dsa-3970"}, {"name": "GLSA-201801-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201801-07"}, {"name": "RHSA-2017:2771", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2771"}, {"name": "https://www.gnu.org/software/emacs/index.html#Releases", "refsource": "CONFIRM", "url": "https://www.gnu.org/software/emacs/index.html#Releases"}, {"name": "http://www.openwall.com/lists/oss-security/2017/09/11/1", "refsource": "CONFIRM", "url": "http://www.openwall.com/lists/oss-security/2017/09/11/1"}, {"name": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350", "refsource": "CONFIRM", "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14482", "datePublished": "2017-09-14T16:00:00", "dateReserved": "2017-09-14T00:00:00", "dateUpdated": "2018-01-08T10:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*", "matchCriteriaId": "07D81FB9-4FD0-41B9-8BFB-37EB24EE3939", "versionEndIncluding": "25.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "GNU Emacs before 25.3 allows remote attackers to execute arbitrary code via email with crafted \"Content-Type: text/enriched\" data containing an x-display XML element that specifies execution of shell commands, related to an unsafe text/enriched extension in lisp/textmodes/enriched.el, and unsafe Gnus support for enriched and richtext inline MIME objects in lisp/gnus/mm-view.el. In particular, an Emacs user can be instantly compromised by reading a crafted email message (or Usenet news article)."}, {"lang": "es", "value": "GNU Emacs en versiones anteriores a la 25.3 permite que atacantes remotos ejecuten c\u00f3digo arbitrario por email con datos \"Content-Type: text/enriched\" manipulados que contienen un elemento x-display XML que especifica la ejecuci\u00f3n de comandos shell. Esto est\u00e1 relacionado con una extensi\u00f3n text/enriched no segura en lisp/textmodes/enriched.el, as\u00ed como con un soporte Gnus inseguro para objetos MIME \"enriched\" y \"richtext\" en lisp/gnus/mm-view.el. Concretamente, es posible que un usuario de Emacs quede comprometido instant\u00e1neamente leyendo un mensaje de correo electr\u00f3nico manipulado (o un art\u00edculo de noticias de Usenet)."}], "id": "CVE-2017-14482", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-09-14T16:29:00.250", "references": [{"source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3975"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2017/09/11/1"}, {"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2017:2771"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Patch", "Vendor Advisory"], "url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201801-07"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2017/dsa-3970"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.gnu.org/software/emacs/index.html#Releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}