Vulnerabilities > CVE-2005-0100 - Remote Format String vulnerability in GNU Emacs and Xemacs

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gnu
nessus

Summary

Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-133.NASL
    descriptionUpdated XEmacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue. Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id17190
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17190
    titleRHEL 4 : xemacs (RHSA-2005:133)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-670.NASL
    descriptionMax Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
    last seen2020-06-01
    modified2020-06-02
    plugin id16344
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16344
    titleDebian DSA-670-1 : emacs20 - format string
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-145.NASL
    descriptionUpdate to 21.4.17 stable release, which also fixes the CVE-2005-0100 movemail string format vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16466
    published2005-02-16
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16466
    titleFedora Core 2 : xemacs-21.4.17-0.FC2 (2005-145)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-115.NASL
    descriptionThis update fixes the CVE-2005-0100 movemail vulnerability and backports current bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16349
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16349
    titleFedora Core 2 : emacs-21.3-21.FC2 (2005-115)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_3E3C860D7DAE11D9A9E70001020EED82.NASL
    descriptionMax Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs.
    last seen2020-06-01
    modified2020-06-02
    plugin id18910
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18910
    titleFreeBSD : emacs -- movemail format string vulnerability (3e3c860d-7dae-11d9-a9e7-0001020eed82)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-110.NASL
    descriptionUpdated Emacs packages that fix a string format issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue. Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id17189
    published2005-02-22
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17189
    titleRHEL 4 : emacs (RHSA-2005:110)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-76-1.NASL
    descriptionMax Vozeler discovered a format string vulnerability in the
    last seen2020-06-01
    modified2020-06-02
    plugin id20698
    published2006-01-15
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20698
    titleUbuntu 4.10 : emacs21 vulnerability (USN-76-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-112.NASL
    descriptionUpdated Emacs packages that fix a string format issue are now available. Emacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue. Users of Emacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id16368
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16368
    titleRHEL 2.1 / 3 : emacs (RHSA-2005:112)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-685.NASL
    descriptionMax Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
    last seen2020-06-01
    modified2020-06-02
    plugin id17130
    published2005-02-17
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17130
    titleDebian DSA-685-1 : emacs21 - format string
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-134.NASL
    descriptionUpdated XEmacs packages that fix a string format issue are now available. XEmacs is a powerful, customizable, self-documenting, modeless text editor. Max Vozeler discovered several format string vulnerabilities in the movemail utility of XEmacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running xemacs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0100 to this issue. Users of XEmacs are advised to upgrade to these updated packages, which contain backported patches to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id16369
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16369
    titleRHEL 2.1 / 3 : xemacs (RHSA-2005:134)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-116.NASL
    descriptionThis update fixes the CVE-2005-0100 movemail vulnerability and backports the latest bug fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16350
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16350
    titleFedora Core 3 : emacs-21.3-21.FC3 (2005-116)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2005-038.NASL
    descriptionMax Vozeler discovered several format string vulnerabilities in the movemail utility in Emacs. If a user connects to a malicious POP server, an attacker can execute arbitrary code as the user running emacs. The updated packages have been patched to correct the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id16473
    published2005-02-16
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16473
    titleMandrake Linux Security Advisory : emacs (MDKSA-2005:038)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-671.NASL
    descriptionMax Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
    last seen2020-06-01
    modified2020-06-02
    plugin id16345
    published2005-02-10
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16345
    titleDebian DSA-671-1 : xemacs21 - format string
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-20.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-20 (Emacs, XEmacs: Format string vulnerabilities in movemail) Max Vozeler discovered that the movemail utility contains several format string errors. Impact : An attacker could set up a malicious POP server and entice a user to connect to it using movemail, resulting in the execution of arbitrary code with the rights of the victim user. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id16471
    published2005-02-16
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16471
    titleGLSA-200502-20 : Emacs, XEmacs: Format string vulnerabilities in movemail
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-146.NASL
    descriptionUpdate to 21.4.17 stable release, which also fixes the CVE-2005-0100 movemail string format vulnerability and the AltGr issue for European input. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id16467
    published2005-02-16
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16467
    titleFedora Core 3 : xemacs-21.4.17-0.FC3 (2005-146)

Oval

accepted2013-04-29T04:19:13.074-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionFormat string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
familyunix
idoval:org.mitre.oval:def:9408
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleFormat string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
version26

Redhat

advisories
  • rhsa
    idRHSA-2005:110
  • rhsa
    idRHSA-2005:112
  • rhsa
    idRHSA-2005:133
rpms
  • emacs-0:21.3-19.EL.1
  • emacs-common-0:21.3-19.EL.1
  • emacs-debuginfo-0:21.3-19.EL.1
  • emacs-el-0:21.3-19.EL.1
  • emacs-leim-0:21.3-19.EL.1
  • emacs-nox-0:21.3-19.EL.1
  • emacs-0:21.3-4.1
  • emacs-debuginfo-0:21.3-4.1
  • emacs-el-0:21.3-4.1
  • emacs-leim-0:21.3-4.1
  • xemacs-0:21.4.15-10.EL.1
  • xemacs-common-0:21.4.15-10.EL.1
  • xemacs-debuginfo-0:21.4.15-10.EL.1
  • xemacs-el-0:21.4.15-10.EL.1
  • xemacs-info-0:21.4.15-10.EL.1
  • xemacs-nox-0:21.4.15-10.EL.1
  • xemacs-0:21.4.13-8.ent.1
  • xemacs-debuginfo-0:21.4.13-8.ent.1
  • xemacs-el-0:21.4.13-8.ent.1
  • xemacs-info-0:21.4.13-8.ent.1