FrSIRT - Fedora Security Update Fixes GNU Emacs Security Bypass Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes GNU Emacs Security Bypass Vulnerability

Title : Fedora Security Update Fixes GNU Emacs Security Bypass Vulnerability
Advisory ID : FrSIRT/ADV-2007-3912
CVE ID : CVE-2007-5795
Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-11-20

Advisory Details

Description

Affected Products

Solution

References

Technical Description

A vulnerability has been identified in Fedora, which could be exploited by attackers to bypass security restrictions [...]

Solution

Upgrade the affected packages :

98594d383704a50c85318a126c76f2c3c58f207e emacs-22.1-5.fc7.ppc64.rpm
9d41ebd19f91c2770033175586492b58242a8d23 emacs-common-22.1-5.fc7.ppc64.rpm
53995dc81ee627c48d16ce21cb9ef6e5d3cf2dc3 emacs-nox-22.1-5.fc7.ppc64.rpm
07ec663f4d4f91b7ce3e4c7914039b6489f320e3 emacs-debuginfo-22.1-5.fc7.ppc64.rpm
6e70d4d169dbf60f6ca49a86478eac16d580e028 emacs-el-22.1-5.fc7.ppc64.rpm
a35026bf40af6317f5206fda6691e667b669ff89 emacs-22.1-5.fc7.i386.rpm
af5511c7af708c278ee369650afd4547d08cd691 emacs-nox-22.1-5.fc7.i386.rpm
240a32962b5e10e3838031b9db97e93cdf5c553f emacs-debuginfo-22.1-5.fc7.i386.rpm
420c694a8428cc48803c567df03712e6278111dc emacs-common-22.1-5.fc7.i386.rpm
24410fdd05874e6f56f59fa50a80f8d976d8fa97 emacs-el-22.1-5.fc7.i386.rpm
c9ea3853f1345665c19d47fd6128ee5ed4a5aa38 emacs-common-22.1-5.fc7.x86_64.rpm
3809c898a47ec050ba4b1c55f93021a972bc18a7 emacs-22.1-5.fc7.x86_64.rpm
0cf41ffc198c1a9289468fa5ffefb63536fbf33e emacs-el-22.1-5.fc7.x86_64.rpm
a7527a5139411e9bc7009e0f7a321495cc5e1cd0 emacs-debuginfo-22.1-5.fc7.x86_64.rpm
39acd65e3cef7477cda4e83b139dcf943674b3cb emacs-nox-22.1-5.fc7.x86_64.rpm
659f72ecfc4f2b402b56d5b7d33bcda9aa0e6179 emacs-el-22.1-5.fc7.ppc.rpm
ff3f1c5423bcd6815b3e79b50cc0a7b5307d44ce emacs-22.1-5.fc7.ppc.rpm
f020da57d704a19865fc8e1679af5e4a30fe49a5 emacs-nox-22.1-5.fc7.ppc.rpm
e34f412a150eec7aba31092c6e6c0c60ad5daff6 emacs-common-22.1-5.fc7.ppc.rpm
9420b0a8646cd2fc8b8ca8d94f87548441f43b95 emacs-debuginfo-22.1-5.fc7.ppc.rpm
06ff6e4fb3d1d4ddbc6347e2a54b2a8d96940302 emacs-22.1-5.fc7.src.rpm

c1e0034a6635e2da30fc539d19ff642e5cbf3796 emacs-el-22.1-8.fc8.ppc64.rpm
01ed0c587b59f3654054d88db54e5723a5dbc007 emacs-debuginfo-22.1-8.fc8.ppc64.rpm
5e5221f9f6885db39769ac331f9d0c44e569dab8 emacs-common-22.1-8.fc8.ppc64.rpm
0cd0c73e830de77232badb7140aeeb708e5dc51a emacs-22.1-8.fc8.ppc64.rpm
633401bbf469c1fddbf4d914270b4cefdfee8cc4 emacs-nox-22.1-8.fc8.ppc64.rpm
857651ca84a073485c8e271c2fcd7405951459dd emacs-debuginfo-22.1-8.fc8.i386.rpm
3a470676945503fcbcf74665cfb4282cf007a616 emacs-nox-22.1-8.fc8.i386.rpm
12055d54cbb670c9a916ff4908638f4804369de5 emacs-el-22.1-8.fc8.i386.rpm
22d7cd097a1b5cb7dcfb3d9c292a175884735b37 emacs-common-22.1-8.fc8.i386.rpm
d1c16cdad67cd9849540022e51f5ce6b1a3d764e emacs-22.1-8.fc8.i386.rpm
2b8494d9b8bc43823b6c3759e97f5bd8e7133ae2 emacs-el-22.1-8.fc8.x86_64.rpm
c972701d3ebeb7975574b26e2b83568505c6b287 emacs-22.1-8.fc8.x86_64.rpm
6dfe7d0f11a02965dfbbfdf2f3b8d205ba1da098 emacs-debuginfo-22.1-8.fc8.x86_64.rpm
dadc7c34bd33fbf57fc51e051cb0e94bea8b7c71 emacs-common-22.1-8.fc8.x86_64.rpm
d0d0856323e00ba182b5862f3e51113ef447fcdb emacs-nox-22.1-8.fc8.x86_64.rpm
f574918bf01c1b633f6d64aa1cf14ce1d46f6856 emacs-el-22.1-8.fc8.ppc.rpm
c5da646527fcb265d793f83e7c22695eb0af48ee emacs-common-22.1-8.fc8.ppc.rpm
6f908b7e1bec893b8d06cfee09a5bfdba56ca291 emacs-nox-22.1-8.fc8.ppc.rpm
0a2c80abe3ce9ed544ff5eb25a8ba0caccbae858 emacs-22.1-8.fc8.ppc.rpm
241d11621162b80254876d0225736f088408a184 emacs-debuginfo-22.1-8.fc8.ppc.rpm
78711155481c0ab2f8f381360e36ce920370f11d emacs-22.1-8.fc8.src.rpm

ChangeLog

2007-11-20 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Firefox Unspecified Remote Command Execution Vulnerability
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues

	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Remote Command Execution and SQL Injection Vulnerabilities

	Sun Solaris Tomcat JSP/Servlet Container Multiple Vulnerabilities
	Sun Java System Access Manager XSLT Code Execution Vulnerability
	Sun Solaris 10 Adobe Reader Multiple Code Execution Vulnerabilities
	Sun Solaris "snmpXdmid" Packet Handling Denial of Service Vulnerability
	Sun Solaris FreeType2 Library Multiple Memory Corruption Vulnerabilities
	Sun Java System Calendar Server Denial of Service Vulnerability
	Sun Solaris SMA SNMPv3 Authentication Bypass Vulnerability