CVE-2012-0035

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2012-0035
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html Patch
http://openwall.com/lists/oss-security/2012/01/10/2 Patch
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311 Vendor Advisory
http://secunia.com/advisories/47515 Vendor Advisory
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html Patch
http://openwall.com/lists/oss-security/2012/01/10/2 Patch
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311 Vendor Advisory
http://secunia.com/advisories/47515 Vendor Advisory
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:eric_m_ludlam:cedet:*:*:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:beta3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre1:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre2:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre3:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre4:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre6:*:*:*:*:*:*
cpe:2.3:a:eric_m_ludlam:cedet:1.0:pre7:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.0:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.5:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.6:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:22.3:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.1:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.2:*:*:*:*:*:*:*
cpe:2.3:a:gnu:emacs:23.4:*:*:*:*:*:*:*
History

21 Nov 2024, 01:34

Type Values Removed Values Added
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html - () http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html -
References () http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html - Patch () http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html - Patch
References () http://openwall.com/lists/oss-security/2012/01/10/2 - Patch () http://openwall.com/lists/oss-security/2012/01/10/2 - Patch
References () http://openwall.com/lists/oss-security/2012/01/10/4 - () http://openwall.com/lists/oss-security/2012/01/10/4 -
References () http://secunia.com/advisories/47311 - Vendor Advisory () http://secunia.com/advisories/47311 - Vendor Advisory
References () http://secunia.com/advisories/47515 - Vendor Advisory () http://secunia.com/advisories/47515 - Vendor Advisory
References () http://secunia.com/advisories/50801 - () http://secunia.com/advisories/50801 -
References () http://sourceforge.net/mailarchive/message.php?msg_id=28649762 - () http://sourceforge.net/mailarchive/message.php?msg_id=28649762 -
References () http://sourceforge.net/mailarchive/message.php?msg_id=28657612 - () http://sourceforge.net/mailarchive/message.php?msg_id=28657612 -
References () http://www.mandriva.com/security/advisories?name=MDVSA-2013:076 - () http://www.mandriva.com/security/advisories?name=MDVSA-2013:076 -
References () http://www.ubuntu.com/usn/USN-1586-1 - () http://www.ubuntu.com/usn/USN-1586-1 -
References () https://security.gentoo.org/glsa/201812-05 - () https://security.gentoo.org/glsa/201812-05 -
Information

Published : 2012-01-19 15:55

Updated : 2025-04-11 00:51

NVD link : CVE-2012-0035

Mitre link : CVE-2012-0035

CVE.ORG link : CVE-2012-0035

JSON object : View

Products Affected

gnu

  • emacs

eric_m_ludlam

  • cedet
CWE
NVD-CWE-Other