SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Emacs Vendors:   GNU [multiple authors]
Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
SecurityTracker Alert ID:  1013100
SecurityTracker URL:  http://securitytracker.com/id/1013100
CVE Reference:   CVE-2005-0100   (Links to External Site)
Date:  Feb 7 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 21.4.17
Description:   A vulnerability was reported in Emacs in the 'movemail' utility. A remote user may be able to execute arbitrary code on the target system.

The vendor reported that a remote POP3 mail server can send a specially crafted response to a connected movemail client to trigger a format string flaw and execute arbitrary code on the target client. The code will execute with the privileges of the movemail process. On some systems, movemail is configured with set group id (setgid) 'mail' group privileges.

The flaw resides in 'movemail.c'.

Max Vozeler is credited with discovering this flaw.

Impact:   A remote POP3 server can execute arbitrary code on a connected client with the privileges of the movemail process.
Solution:   A fixed version of XEmacs (21.4.17) is available at:

ftp://ftp.xemacs.org/pub/xemacs/xemacs-21.4

Vendor URL:  www.gnu.org/software/emacs/emacs.html (Links to External Site)
Cause:   Input validation error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 9 2005 (Debian Issues Fix for emacs20) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Debian has released a fix for emacs20.
Feb 9 2005 (Debian Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Debian has released a fix for xemacs21.
Feb 11 2005 (Red Hat Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Red Hat has released a fix.
Feb 11 2005 (Red Hat Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Red Hat has released a fix.
Feb 15 2005 (Red Hat Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Red Hat has released a fix.
Feb 16 2005 (Mandrake Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Mandrake has released a fix.
Feb 16 2005 (Red Hat Issues Fix for xemacs) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Red Hat has released a fix for xemacs.
Feb 17 2005 (Debian Issues Fix) Emacs movemail Format String Flaw May Let Remote POP Servers Execute Arbitrary Code
Debian has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC