Bug 462694 - (CVE-2008-3949) CVE-2008-3949 emacs: Python interactive shell arbitrary code execution
CVE-2008-3949 emacs: Python interactive shell arbitrary code execution
Status: CLOSED UPSTREAM
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
source=vendor-sec,reported=20080902,p...
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-09-18 08:19 EDT by Jan Lieskovsky
Modified: 2010-04-19 18:01 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-04-19 18:01:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2008-09-18 08:19:15 EDT
Chong Yidong has reported the following security vulnerability present
in Emacs Python mode (Emacs mode allowing to launch interactive Python 
shell):

Emacs allows the user to launch an interactive Python process.  When
this process is started, Emacs automatically sends it the line

import emacs

which imports a script named emacs.py which is distributed with Emacs.
This script is typically located in a write-protected installation
directory, together with other Emacs program files; it provides various
functions to help the Python process communicate with Emacs.  Upon
running, emacs.py imports other Python modules which are not built-in:

import os, sys, traceback, inspect, __main__


The vulnerability arises because Python, by default, prepends '' to the
module search path, so modules are looked for in the current directory.
If the user opens a Python file in a world-writable directory, an
attacker could insert malicious code by adding fake modules to that
directory, such as a fake emacs.py or inspect.py.

Affected versions: emacs-22.*. +

Proposed patch: 

http://cvs.savannah.gnu.org/viewvc/emacs/lisp/progmodes/python.el?root=emacs&r1=1.89&r2=1.90
Comment 1 Jan Lieskovsky 2008-09-18 08:21:19 EDT
This issue does NOT affect the versions of the emacs package, as shipped
with Red Hat Enterprise Linux 2.1, 3, 4 and 5.

This issue AFFECTS the versions of the emacs packages, as shipped within
Fedora releases of 8, 9 and 10.
Comment 2 Tomas Hoger 2008-09-30 05:13:42 EDT
Issue was addressed upstream in version 22.3:
http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00215.html
Comment 3 Vincent Danen 2010-04-19 18:01:04 EDT
Fedora 11 and higher contain Emacs 23.1, so this issue has been corrected.

Note You need to log in before you can comment on or make changes to this bug.