CVE-2003-1232 - Local Variable Arbitrary Command Execution vulnerability in GNU Emacs 21.2.1
Attack vector | NETWORK |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
Exploit-Db
description | Emacs 2.1 Local Variable Arbitrary Command Execution Vulnerability. CVE-2003-1232. Local exploit for linux platform |
id | EDB-ID:26492 |
last seen | 2016-02-03 |
modified | 2002-12-31 |
published | 2002-12-31 |
reporter | Georgi Guninski |
source | https://www.exploit-db.com/download/26492/ |
title | Emacs 2.1 - Local Variable Arbitrary Command Execution Vulnerability |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286183
- http://groups.google.com/group/gnu.emacs.bug/browse_frm/thread/9424ec1b2fdae321/c691a2da8904db0f?hl=en&lr=&ie=UTF-8&oe=UTF-8&rnum=1&prev=/groups%3Fq%3Dguninski%2Bemacs%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26selm%3Dmailman.763.1041357806.19936.bug-gnu-emacs%2540gnu.org%26rnum%3D1#c691a2da8904db0f
- http://lists.grok.org.uk/pipermail/full-disclosure/2003-May/005089.html
- http://secunia.com/advisories/17496
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:208
- http://www.securityfocus.com/bid/15375