Bug 415751 (CVE-2007-6109)

Summary: CVE-2007-6109 Emacs buffer overflows
Product: [Other] Security Response
Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: coldwell, thoger
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6109
Doc Type: Bug Fix
Last Closed: 2007-12-07 16:01:25 UTC
Attachments:
Patch used by SuSE (flags: none)

Description Lubomir Kundrak 2007-12-07 15:56:31 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6109 to the following vulnerability:

Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.

References:

http://www.novell.com/linux/security/advisories/2007_25_sr.html

Comment 1 Lubomir Kundrak 2007-12-07 16:01:25 UTC
To exploit this the user would have to be convinced to run an untrusted el script.

Red Hat does not consider this issue to be a security vulnerability since no
trust boundary is crossed. The user must voluntarily interact with the attack
mechanism to exploit this flaw, with the result being the ability to run code as
themselves.

Comment 5 Tomas Hoger 2007-12-10 10:13:26 UTC
Created attachment 282581
Patch used by SuSE