Vulnerabilities > CVE-2012-3479 - Remote Code Execution vulnerability in GNU Emacs 'enable-local-variables'

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
gnu
nessus
NVD
Published: 2012-08-25
Updated: 2013-12-13

Summary

lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file.

Vulnerable Configurations

Part Description Count
Application
Gnu
4

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2012-710.NASL
    descriptionThis update fixes the following issues for emacs, emacs-w3, gnuplot and ddskk: emacs : - Add fix for bnc#775993 which disable arbitrary lisp code execution when
    last seen2020-06-05
    modified2014-06-13
    plugin id74780
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/74780
    titleopenSUSE Security Update : emacs and depending packages (openSUSE-SU-2012:1348-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2013-076.NASL
    descriptionUpdated emacs packages fix security vulnerabilities : Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file (CVE-2012-0035). lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file (CVE-2012-3479). Additionally a problem was fixed reading xz compressed files (mga#7759).
    last seen2020-06-01
    modified2020-06-02
    plugin id66090
    published2013-04-20
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/66090
    titleMandriva Linux Security Advisory : emacs (MDVSA-2013:076)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-11876.NASL
    descriptionCVE-2012-3479 emacs: Evaluation of
    last seen2020-03-17
    modified2012-08-23
    plugin id61634
    published2012-08-23
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61634
    titleFedora 17 : emacs-24.1-4.fc17 (2012-11876)
  • NASL familySolaris Local Security Checks
    NASL idSOLARIS11_EMACS_20140731.NASL
    descriptionThe remote Solaris system is missing necessary patches to address security updates : - lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code via a crafted file. (CVE-2012-3479)
    last seen2020-06-01
    modified2020-06-02
    plugin id80603
    published2015-01-19
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/80603
    titleOracle Solaris Third-Party Patch Update : emacs (cve_2012_3479_arbitrary_code)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201403-05.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201403-05 (GNU Emacs: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GNU Emacs: When ‘global-ede-mode’ is enabled, EDE in Emacs automatically loads a Project.ede file from the project directory (CVE-2012-0035). When ‘enable-local-variables’’ is set to ‘:safe’, Emacs automatically processes eval forms (CVE-2012-3479). Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id73127
    published2014-03-21
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/73127
    titleGLSA-201403-05 : GNU Emacs: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_C1E5F35EF93D11E1B07F00235A5F2C9A.NASL
    descriptionChong Yidong reports : Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables
    last seen2020-06-01
    modified2020-06-02
    plugin id62023
    published2012-09-10
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62023
    titleFreeBSD : emacs -- remote code execution vulnerability (c1e5f35e-f93d-11e1-b07f-00235a5f2c9a)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2012-228-02.NASL
    descriptionNew emacs packages are available for Slackware 13.1, 13.37, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id61553
    published2012-08-16
    reporterThis script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61553
    titleSlackware 13.1 / 13.37 / current : emacs (SSA:2012-228-02)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1586-1.NASL
    descriptionHiroshi Oota discovered that Emacs incorrectly handled search paths. If a user were tricked into opening a file with Emacs, a local attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-0035) Paul Ling discovered that Emacs incorrectly handled certain eval forms in local-variable sections. If a user were tricked into opening a specially crafted file with Emacs, a remote attacker could execute arbitrary Lisp code with the privileges of the user invoking the program. (CVE-2012-3479). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id62365
    published2012-09-28
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/62365
    titleUbuntu 11.10 / 12.04 LTS : emacs23 vulnerabilities (USN-1586-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2012-11872.NASL
    descriptionCVE-2012-3479 emacs: Evaluation of
    last seen2020-03-17
    modified2012-08-23
    plugin id61633
    published2012-08-23
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/61633
    titleFedora 16 : emacs-23.3-10.fc16 (2012-11872)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2603.NASL
    descriptionPaul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to
    last seen2020-03-17
    modified2013-01-10
    plugin id63456
    published2013-01-10
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/63456
    titleDebian DSA-2603-1 : emacs23 - programming error

References