Bug 415751 - (CVE-2007-6109) CVE-2007-6109 Emacs buffer overflows
CVE-2007-6109 Emacs buffer overflows
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
http://nvd.nist.gov/nvd.cfm?cvename=C...
impact=none,source=vendor-sec,public=...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-12-07 10:56 EST by Lubomir Kundrak
Modified: 2007-12-10 05:13 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-12-07 11:01:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch used by SuSE (3.24 KB, patch)
2007-12-10 05:13 EST, Tomas Hoger
no flags Details | Diff

  None (edit)
Description Lubomir Kundrak 2007-12-07 10:56:31 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6109 to the following vulnerability:

Buffer overflow in emacs allows attackers to have an unknown impact, as demonstrated via a vector involving the command line.

References:

http://www.novell.com/linux/security/advisories/2007_25_sr.html
Comment 1 Lubomir Kundrak 2007-12-07 11:01:25 EST
To exploit this the user would have to be convinced to run an untrusted el script.

Red Hat does not consider this issue to be a security vulnerability since no
trust boundary is crossed. The user must voluntarily interact with the attack
mechanism to exploit this flaw, with the result being the ability to run code as
themselves.
Comment 5 Tomas Hoger 2007-12-10 05:13:26 EST
Created attachment 282581 [details]
Patch used by SuSE

Note You need to log in before you can comment on or make changes to this bug.