Описание
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| emacs23 | removed | package | ||
| emacs23 | no-dsa | wheezy | package | |
| emacs23 | no-dsa | squeeze | package | |
| emacs24 | fixed | 24.3+1-4 | package | |
| xemacs21-packages | not-affected | package |
Примечания
http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
EPSS
Связанные уязвимости
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.
EPSS