Vulnerability in Gnu Emacs

CVE-2010-0825

lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.

EPSS: 0.001 (30.3th percentile) — read the EPSS interpretation.

Affected products

Gnu Emacs — versions 22.1, 23.1, 22.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

39155 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
MDVSA-2010:083 (vendor-advisory, x_refsource_MANDRIVA)
USN-919-1 (x_refsource_UBUNTU, vendor-advisory)
ADV-2010-0734 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
ADV-2010-0952 (vdb-entry, x_refsource_VUPEN)
security@ubuntu.com (x_refsource_CONFIRM)
emacs-emailhelper-symlink(57457) (vdb-entry, x_refsource_XF)