Red Hat Bugzilla – Bug 462694
CVE-2008-3949 emacs: Python interactive shell arbitrary code execution
Last modified: 2010-04-19 18:01:04 EDT
Chong Yidong has reported the following security vulnerability present
in Emacs Python mode (Emacs mode allowing to launch interactive Python
Emacs allows the user to launch an interactive Python process. When
this process is started, Emacs automatically sends it the line
which imports a script named emacs.py which is distributed with Emacs.
This script is typically located in a write-protected installation
directory, together with other Emacs program files; it provides various
functions to help the Python process communicate with Emacs. Upon
running, emacs.py imports other Python modules which are not built-in:
import os, sys, traceback, inspect, __main__
The vulnerability arises because Python, by default, prepends '' to the
module search path, so modules are looked for in the current directory.
If the user opens a Python file in a world-writable directory, an
attacker could insert malicious code by adding fake modules to that
directory, such as a fake emacs.py or inspect.py.
Affected versions: emacs-22.*. +
This issue does NOT affect the versions of the emacs package, as shipped
with Red Hat Enterprise Linux 2.1, 3, 4 and 5.
This issue AFFECTS the versions of the emacs packages, as shipped within
Fedora releases of 8, 9 and 10.
Issue was addressed upstream in version 22.3:
Fedora 11 and higher contain Emacs 23.1, so this issue has been corrected.