CVE-2017-1000383

Published: 31 Oct 2017
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

It was found that emacs applies the opened file's read permissions to the swap file, overriding the process's umask. An attacker might search for vim swap files that were not deleted properly in order to retrieve sensitive data.

Report

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 5 | emacs | Will not fix | | |
| Red Hat Enterprise Linux 6 | emacs | Will not fix | | |
| Red Hat Enterprise Linux 7 | emacs | Will not fix | | |
| Red Hat Enterprise Linux 9 | emacs | Affected | | |

Additional information

Status: Low
Defect: CWE-266
https://bugzilla.redhat.com/show_bug.cgi?id=1508788 (emacs: Ignores umask when creating a swap file)

EPSS: 0.00142 (percentile: 35%, Low)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 5.5
ubuntu
more than 8 years ago

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

CVSS3: 5.5
nvd
more than 8 years ago

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.

CVSS3: 5.5
debian
more than 8 years ago

GNU Emacs version 25.3.1 (and other versions most likely) ignores umas ...

CVSS3: 5.5
github
more than 3 years ago

GNU Emacs version 25.3.1 (and other versions most likely) ignores umask when creating a backup save file ("[ORIGINAL_FILENAME]~") resulting in files that may be world readable or otherwise accessible in ways not intended by the user running the emacs binary.