CVE-2008-2142

EUVD-2008-2139
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
gnuemacs
21.3.1
gnuxemacs
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xemacs21-packages
bookworm
2009.02.17.dfsg.3-1
fixed
bullseye
2009.02.17.dfsg.2-5
fixed
etch
no-dsa
lenny
no-dsa
sid
2009.02.17.dfsg.3-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
emacs21
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
emacs22
dapper
dne
feisty
dne
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
ignored
maverick
ignored
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
xemacs21-packages
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
precise
not-affected
quantal
not-affected
raring
not-affected
saucy
not-affected
References
http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/30199
http://secunia.com/advisories/30216
http://secunia.com/advisories/30303
http://secunia.com/advisories/30581
http://secunia.com/advisories/30827
http://secunia.com/advisories/34004
http://security.gentoo.org/glsa/glsa-200902-06.xml
http://thread.gmane.org/gmane.emacs.devel/96903
http://tracker.xemacs.org/XEmacs/its/issue378
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177
http://www.mandriva.com/security/advisories?name=MDVSA-2008:153
http://www.mandriva.com/security/advisories?name=MDVSA-2008:154
http://www.securityfocus.com/archive/1/492657/100/0/threaded
http://www.securityfocus.com/bid/29176
http://www.securitytracker.com/id?1020019
http://www.vupen.com/english/advisories/2008/1539/references
http://www.vupen.com/english/advisories/2008/1540/references
https://bugs.gentoo.org/show_bug.cgi?id=221197
https://exchange.xforce.ibmcloud.com/vulnerabilities/42362
https://issues.rpath.com/browse/RPL-2529
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html
http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html
http://secunia.com/advisories/30199
http://secunia.com/advisories/30216
http://secunia.com/advisories/30303
http://secunia.com/advisories/30581
http://secunia.com/advisories/30827
http://secunia.com/advisories/34004
http://security.gentoo.org/glsa/glsa-200902-06.xml
http://thread.gmane.org/gmane.emacs.devel/96903
http://tracker.xemacs.org/XEmacs/its/issue378
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177
http://www.mandriva.com/security/advisories?name=MDVSA-2008:153
http://www.mandriva.com/security/advisories?name=MDVSA-2008:154
http://www.securityfocus.com/archive/1/492657/100/0/threaded
http://www.securityfocus.com/bid/29176
http://www.securitytracker.com/id?1020019
http://www.vupen.com/english/advisories/2008/1539/references
http://www.vupen.com/english/advisories/2008/1540/references
https://bugs.gentoo.org/show_bug.cgi?id=221197
https://exchange.xforce.ibmcloud.com/vulnerabilities/42362
https://issues.rpath.com/browse/RPL-2529
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html