CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Vendor | Product | Version | CPE |
---|---|---|---|
gnu | emacs | 20.7 | cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:* |
gnu | emacs | 21.1 | cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:* |
gnu | emacs | 21.2 | cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:* |
gnu | emacs | 21.3 | cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:* |
gnu | emacs | 21.4 | cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:* |
gnu | sccs | * | cpe:2.3:a:gnu:sccs:*:*:*:*:*:*:*:* |
bugs.gentoo.org/show_bug.cgi?id=216880
secunia.com/advisories/29905
secunia.com/advisories/29926
secunia.com/advisories/30109
www.mandriva.com/security/advisories?name=MDVSA-2008:096
www.securityfocus.com/bid/28857
www.securitytracker.com/id?1019909
www.vupen.com/english/advisories/2008/1309/references
www.vupen.com/english/advisories/2008/1310/references
bugzilla.redhat.com/show_bug.cgi?id=208483
exchange.xforce.ibmcloud.com/vulnerabilities/41906
usn.ubuntu.com/607-1/