FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-3949

This CVE name corresponds to:

Entered Topic
2008-11-07 emacs -- run-python vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-3949 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-3949
Phase Assigned(20080905)

Description

emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.

References

Source Reference
MLIST [emacs-devel] 20080905 Vulnerability in Emacs python integration
GENTOO GLSA-200902-06
MANDRIVA MDVSA-2008:216
SUSE SUSE-SR:2008:018
CONFIRM https://bugzilla.novell.com/show_bug.cgi?id=424340
BID 31052
SECUNIA 31982
SECUNIA 34004
XF emacs-python-code-execution(45021)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.