CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
eric_m_ludlamcedet
𝑥
≤ 1.0
eric_m_ludlamcedet
1.0:beta1
eric_m_ludlamcedet
1.0:beta2
eric_m_ludlamcedet
1.0:beta3
eric_m_ludlamcedet
1.0:pre1
eric_m_ludlamcedet
1.0:pre2
eric_m_ludlamcedet
1.0:pre3
eric_m_ludlamcedet
1.0:pre4
eric_m_ludlamcedet
1.0:pre6
eric_m_ludlamcedet
1.0:pre7
gnuemacs
𝑥
≤ 23.3
gnuemacs
20.0
gnuemacs
20.1
gnuemacs
20.2
gnuemacs
20.3
gnuemacs
20.4
gnuemacs
20.5
gnuemacs
20.6
gnuemacs
20.7
gnuemacs
21.1
gnuemacs
21.2
gnuemacs
21.2.1
gnuemacs
21.3
gnuemacs
21.3.1
gnuemacs
21.4
gnuemacs
22.1
gnuemacs
22.2
gnuemacs
22.3
gnuemacs
23.1
gnuemacs
23.2
gnuemacs
23.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cedet
hardy
ignored
lucid
ignored
maverick
ignored
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
emacs22
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
dne
oneiric
dne
precise
dne
quantal
dne
raring
dne
saucy
dne
emacs23
hardy
dne
lucid
not-affected
maverick
not-affected
natty
ignored
oneiric
Fixed 23.3+1-1ubuntu4.1
released
precise
Fixed 23.3+1-1ubuntu9.1
released
quantal
not-affected
raring
not-affected
saucy
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
emacs
suse enterprise desktop 15
25.3-1.124
fixed
suse enterprise desktop 15 SP1
25.3-3.3.18
fixed
suse enterprise desktop 15 SP2
25.3-3.3.18
fixed
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise sap 15
25.3-1.124
fixed
suse enterprise sap 15 SP1
25.3-3.3.18
fixed
suse enterprise sap 15 SP2
25.3-3.3.18
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
suse enterprise server 15
25.3-1.124
fixed
suse enterprise server 15 SP1
25.3-3.3.18
fixed
suse enterprise server 15 SP2
25.3-3.3.18
fixed
emacs-el
suse enterprise desktop 15
25.3-1.124
fixed
suse enterprise desktop 15 SP1
25.3-3.3.18
fixed
suse enterprise desktop 15 SP2
25.3-3.3.18
fixed
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise sap 15
25.3-1.124
fixed
suse enterprise sap 15 SP1
25.3-3.3.18
fixed
suse enterprise sap 15 SP2
25.3-3.3.18
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
suse enterprise server 15
25.3-1.124
fixed
suse enterprise server 15 SP1
25.3-3.3.18
fixed
suse enterprise server 15 SP2
25.3-3.3.18
fixed
emacs-info
suse enterprise desktop 15
25.3-1.124
fixed
suse enterprise desktop 15 SP1
25.3-3.3.18
fixed
suse enterprise desktop 15 SP2
25.3-3.3.18
fixed
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise sap 15
25.3-1.124
fixed
suse enterprise sap 15 SP1
25.3-3.3.18
fixed
suse enterprise sap 15 SP2
25.3-3.3.18
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
suse enterprise server 15
25.3-1.124
fixed
suse enterprise server 15 SP1
25.3-3.3.18
fixed
suse enterprise server 15 SP2
25.3-3.3.18
fixed
emacs-nox
suse enterprise desktop 15
25.3-1.124
fixed
suse enterprise desktop 15 SP1
25.3-3.3.18
fixed
suse enterprise desktop 15 SP2
25.3-3.3.18
fixed
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise sap 15
25.3-1.124
fixed
suse enterprise sap 15 SP1
25.3-3.3.18
fixed
suse enterprise sap 15 SP2
25.3-3.3.18
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
suse enterprise server 15
25.3-1.124
fixed
suse enterprise server 15 SP1
25.3-3.3.18
fixed
suse enterprise server 15 SP2
25.3-3.3.18
fixed
emacs-x11
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
etags
suse enterprise desktop 15
25.3-1.124
fixed
suse enterprise desktop 15 SP1
25.3-3.3.18
fixed
suse enterprise desktop 15 SP2
25.3-3.3.18
fixed
suse enterprise sap 12 SP5
24.3-25.3.1
fixed
suse enterprise sap 15
25.3-1.124
fixed
suse enterprise sap 15 SP1
25.3-3.3.18
fixed
suse enterprise sap 15 SP2
25.3-3.3.18
fixed
suse enterprise server 12
24.3-14.44
fixed
suse enterprise server 12 SP1
24.3-14.44
fixed
suse enterprise server 12 SP2
24.3-16.32
fixed
suse enterprise server 12 SP4
24.3-25.3.1
fixed
suse enterprise server 12 SP5
24.3-25.3.1
fixed
suse enterprise server 15
25.3-1.124
fixed
suse enterprise server 15 SP1
25.3-3.3.18
fixed
suse enterprise server 15 SP2
25.3-3.3.18
fixed
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
http://openwall.com/lists/oss-security/2012/01/10/2
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311
http://secunia.com/advisories/47515
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
http://openwall.com/lists/oss-security/2012/01/10/2
http://openwall.com/lists/oss-security/2012/01/10/4
http://secunia.com/advisories/47311
http://secunia.com/advisories/47515
http://secunia.com/advisories/50801
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
http://www.ubuntu.com/usn/USN-1586-1
https://security.gentoo.org/glsa/201812-05