FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

emacs -- movemail format string vulnerability

Affected packages
movemail <= 1.0
emacs < 20.7_4
21.* < emacs < 21.3_4
zh-emacs < 20.7_4
21.* < zh-emacs < 21.3_4
xemacs < 21.4.17
xemacs-mule < 21.4.17
zh-xemacs < 21.4.17
zh-xemacs-mule < 21.4.17
xemacs-devel < 21.5.b19,1
xemacs-devel-21.5 = b11
xemacs-devel-mule < 21.5.b19
0 < hanemacs
0 < mule-common

Details

VuXML ID 3e3c860d-7dae-11d9-a9e7-0001020eed82
Discovery 2005-01-31
Entry 2005-02-14

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs. They can be exploited when connecting to a malicious POP server and can allow an attacker can execute arbitrary code under the privileges of the user running Emacs.

References

Bugtraq ID 12462
CVE Name CVE-2005-0100