CVE-2014-3424

2014-05-0810:55:05

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

3.3

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:P/A:P

EPSS

Percentile

5.1%

JSON

lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/tramp.##### temporary file.

OSVersionArchitecturePackageVersionFilename
Debian12allxemacs21-packages< 2009.02.17.dfsg.3-1xemacs21-packages_2009.02.17.dfsg.3-1_all.deb
Debian11allxemacs21-packages< 2009.02.17.dfsg.2-5xemacs21-packages_2009.02.17.dfsg.2-5_all.deb
Debian999allxemacs21-packages< 2009.02.17.dfsg.3-3xemacs21-packages_2009.02.17.dfsg.3-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	xemacs21-packages	< 2009.02.17.dfsg.3-1	xemacs21-packages_2009.02.17.dfsg.3-1_all.deb
Debian	11	all	xemacs21-packages	< 2009.02.17.dfsg.2-5	xemacs21-packages_2009.02.17.dfsg.2-5_all.deb
Debian	999	all	xemacs21-packages	< 2009.02.17.dfsg.3-3	xemacs21-packages_2009.02.17.dfsg.3-3_all.deb