Description
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
Affected products
- gnu / emacs22.1 – 22.1
- gnu / emacs22.2 – 22.2
- gnu / emacs22.3 – 22.3
- gnu / emacs23.1 – 23.1
References
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:083
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/57457
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-919-1
- VENDOR_ADVISORYhttp://secunia.com/advisories/39155
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0734
- MISChttps://bugs.launchpad.net/ubuntu/+bug/531569
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0952