Debian Security Advisory DSA 670-1 (emacs20) Network Vulnerability

Summary

The remote host is missing an update to emacs20 announced via advisory DSA 670-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20670-1

Insight

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail. For the stable distribution (woody) these problems have been fixed in version 20.7-13.3. The unstable distribution (sid) does not contain an Emacs20 package anymore. We recommend that you upgrade your emacs packages.

Severity

Classification

CVE CVE-2005-0100
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
Debian Security Advisory DSA 091-1 (ssh)
Debian Security Advisory DSA 099-1 (XChat)
Debian Security Advisory DSA 028-1 (man-db)

Take action and discover your vulnerabilities