Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30719
HistoryMay 10, 2014 - 12:00 a.m.

[oss-security] CVE Request - Predictable temporary filenames in GNU Emacs

2014-05-1000:00:00
vulners.com
16
JSON

I reported these bugs on the Debian tracker on Monday:

   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747100

In brief some of the bundled Emacs Lisp uses predictable
/tmpfile names insecurely:

lisp/gnus/gnus-fun.el:
In the function `gnus-grab-cam-face` the file "/tmp/gnus.face.ppm" is
used, blindly allowing the existing file to be truncated, and symlinks
followed.

lisp/emacs-lisp/find-gc.el:
In the function `trace-call-tree` there are some horrific invocations
of the csh, which manipulate the directory and symlinks beneath "/tmp/esrc".

lisp/net/tramp.el
The function `tramp-uudecode`, a fallback if a real uudecoding binary
is not present, blindly uses "/tmp/tramp.$PID", truncating and removing
the file.

All these have been fixed now, and the GNU bug report contains
links to the commits that are appropriate:

   http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17428

Steve
http://www.steve.org.uk/

JSON