CVE-2008-1694 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.6 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:P/I:P/A:P
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Vendor	Product	Version
gnu	emacs	20.7
gnu	emacs	21.1
gnu	emacs	21.2
gnu	emacs	21.3
gnu	emacs	21.4
gnu	sccs	*

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

xemacs21

bullseye	21.4.24-9 fixed
etch	no-dsa
bookworm	21.4.24-11 fixed
sid	21.4.24-12 fixed

Ubuntu Releases

Ubuntu Product

Codename

emacs21

karmic	dne
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 21.4a+1-5.3ubuntu1.1 released
gutsy	Fixed 21.4a+1-5ubuntu4.1 released
feisty	Fixed 21.4a+1-2ubuntu1.2 released
dapper	Fixed 21.4a-3ubuntu2.2 released

emacs22

karmic	Fixed 22.2-0ubuntu2 released
jaunty	Fixed 22.2-0ubuntu2 released
intrepid	Fixed 22.2-0ubuntu2 released
hardy	Fixed 22.1-0ubuntu10.1 released
gutsy	Fixed 22.1-0ubuntu5.2 released
feisty	dne
dapper	dne

xemacs21

karmic	not-affected
jaunty	not-affected
intrepid	not-affected
hardy	Fixed 21.4.21-1ubuntu3.1 released
gutsy	Fixed 21.4.20-1.1ubuntu0.1 released
feisty	Fixed 21.4.19-2ubuntu0.1 released
dapper	Fixed 21.4.18-1ubuntu1.1 released

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://bugs.gentoo.org/show_bug.cgi?id=216880

http://secunia.com/advisories/29905

http://secunia.com/advisories/29926

http://secunia.com/advisories/30109

http://www.mandriva.com/security/advisories?name=MDVSA-2008:096

http://www.securityfocus.com/bid/28857

http://www.securitytracker.com/id?1019909

http://www.vupen.com/english/advisories/2008/1309/references

http://www.vupen.com/english/advisories/2008/1310/references

https://bugzilla.redhat.com/show_bug.cgi?id=208483

https://exchange.xforce.ibmcloud.com/vulnerabilities/41906

https://usn.ubuntu.com/607-1/

http://bugs.gentoo.org/show_bug.cgi?id=216880

http://secunia.com/advisories/29905

http://secunia.com/advisories/29926

http://secunia.com/advisories/30109

http://www.mandriva.com/security/advisories?name=MDVSA-2008:096

http://www.securityfocus.com/bid/28857

http://www.securitytracker.com/id?1019909

http://www.vupen.com/english/advisories/2008/1309/references

http://www.vupen.com/english/advisories/2008/1310/references

https://bugzilla.redhat.com/show_bug.cgi?id=208483

https://exchange.xforce.ibmcloud.com/vulnerabilities/41906

https://usn.ubuntu.com/607-1/