GNU Emacs本地窃听漏洞

漏洞信息详情

GNU Emacs本地窃听漏洞

• CNNVD编号：CNNVD-200004-044
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2000-0269
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2000-04-18
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  gnu
• 漏洞来源：
  This vulnerability…

Emacs 20存在漏洞，它在启动新的子进程时没有为从设备PTY正确设置权限，本地用户可以利用这个漏洞读取或修改Emacs与子进程间的通信。

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com. It has been indicated that a new release, 20.7, will likely be released to remedy this, and other, problems.
A patch was included with the advisory which reported this vulnerability. It fixes this and other vulnerabilities.
GNU Emacs 20.6

• RUS-Cert emacs-20.6-patch
  
  http://www.securityfocus.com/data/vulnerabilities/patches/emacs-20.6-p
  atch

来源: BID
名称: 1125
链接:http://www.securityfocus.com/bid/1125

来源: BUGTRAQ
名称: 20000418 R来源:US-CERT Advisory 200004-01: GNU Emacs 20
链接:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de