Miembros de
Boletines de Vulnerabilidades |
Ejecución de código en Emacs 22 |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Obtener acceso |
| Dificultad | Avanzado |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Emacs 22 <= 22.1 |
Descripción |
|
|
Se ha descubierto una vulnerabilidad en Emacs 22 en versiones anteriores a la 22.2. La vulnerabilidad reside en un error en la función "hack-local-variable" cuando la variable "enable-local-variables" tiene el valor ':safe'. El error provoca que se busquen incorrectamente las listas de variables inseguras o peligrosas. Un atacante remoto podría saltarse las restricciones y ejecutar código "Emacs Lisp" mediante un fichero con una declaración de variables "Local" que un usuario víctima debería abrir. Existe una prueba de concepto disponible. |
|
Solución |
|
|
Actualización de software Mandriva (MDVSA-2008:034) Mandriva Linux 2007 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-X11-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-doc-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-el-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-leim-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/i586/media/main/updates/emacs-nox-21.4-26.2mdv2007.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/emacs-21.4-26.2mdv2007.0.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-X11-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-doc-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-el-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-leim-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/x86_64/media/main/updates/emacs-nox-21.4-26.2mdv2007.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.0/SRPMS/main/updates/emacs-21.4-26.2mdv2007.0.src.rpm Mandriva Linux 2007.1 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-X11-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-doc-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-el-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-leim-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/i586/media/main/updates/emacs-nox-21.4-26.2mdv2007.1.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/emacs-21.4-26.2mdv2007.1.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-X11-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-doc-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-el-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-leim-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/x86_64/media/main/updates/emacs-nox-21.4-26.2mdv2007.1.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2007.1/SRPMS/main/updates/emacs-21.4-26.2mdv2007.1.src.rpm Mandriva Linux 2008.0 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-common-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-doc-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-el-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-gtk-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-leim-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/i586/media/main/updates/emacs-nox-22.1-5.1mdv2008.0.i586.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/SRPMS/main/updates/emacs-22.1-5.1mdv2008.0.src.rpm X86_64 ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-common-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-doc-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-el-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-gtk-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-leim-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/x86_64/media/main/updates/emacs-nox-22.1-5.1mdv2008.0.x86_64.rpm ftp://ftp.cica.es/pub/Linux/Mandrakelinux/official/updates/2008.0/SRPMS/main/updates/emacs-22.1-5.1mdv2008.0.src.rpm Corporate Server 4.0 corporate/4.0/i586/emacs-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/i586/emacs-X11-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/i586/emacs-doc-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/i586/emacs-el-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/i586/emacs-leim-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/i586/emacs-nox-21.4-20.2.20060mlcs4.i586.rpm corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm X86_64 corporate/4.0/x86_64/emacs-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/emacs-X11-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/emacs-doc-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/emacs-el-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/emacs-leim-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/x86_64/emacs-nox-21.4-20.2.20060mlcs4.x86_64.rpm corporate/4.0/SRPMS/emacs-21.4-20.2.20060mlcs4.src.rpm Corporate Server 3.0 corporate/3.0/i586/emacs-21.3-9.3.C30mdk.i586.rpm corporate/3.0/i586/emacs-X11-21.3-9.3.C30mdk.i586.rpm corporate/3.0/i586/emacs-el-21.3-9.3.C30mdk.i586.rpm corporate/3.0/i586/emacs-leim-21.3-9.3.C30mdk.i586.rpm corporate/3.0/i586/emacs-nox-21.3-9.3.C30mdk.i586.rpm corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm X86_64 corporate/3.0/x86_64/emacs-21.3-9.3.C30mdk.x86_64.rpm corporate/3.0/x86_64/emacs-X11-21.3-9.3.C30mdk.x86_64.rpm corporate/3.0/x86_64/emacs-el-21.3-9.3.C30mdk.x86_64.rpm corporate/3.0/x86_64/emacs-leim-21.3-9.3.C30mdk.x86_64.rpm corporate/3.0/x86_64/emacs-nox-21.3-9.3.C30mdk.x86_64.rpm corporate/3.0/SRPMS/emacs-21.3-9.3.C30mdk.src.rpm |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-5795 |
| BID | 26327 |
Recursos adicionales |
|
|
Mandriva Security Advisory (MDVSA-2008:034) http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:034 |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2008-02-05 |