Debian Security Advisory DSA 685-1 (emacs21) Network Vulnerability

Summary

The remote host is missing an update to emacs21 announced via advisory DSA 685-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20685-1

Insight

Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. Via connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail. For the stable distribution (woody) these problems have been fixed in version 21.2-1woody3. For the unstable distribution (sid) these problems have been fixed in version 21.3+1-9. We recommend that you upgrade your emacs packages.

Severity

Classification

CVE CVE-2005-0100
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 101-1 (sudo)
Debian Security Advisory DSA 013-1 (mysql)
Debian Security Advisory DSA 087-1 (wu-ftpd)
Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 1018-1 (kernel-source-2.4.27)

Take action and discover your vulnerabilities