847698 – (CVE-2012-3479) CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe'

Bug 847698 (CVE-2012-3479) - CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sections, when 'enable-local-variables' set to ':safe'

Summary: CVE-2012-3479 emacs: Evaluation of 'eval' forms in file-local variable sectio...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-3479
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	847702
Blocks:	847705
TreeView+	depends on / blocked

Reported:	2012-08-13 09:54 UTC by Jan Lieskovsky
Modified:	2021-02-23 14:08 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-04-04 23:16:39 UTC
Embargoed:

Attachments	(Terms of Use)
Provided (from [2]) upstream patch for v23.4 version (1.37 KB, patch) 2012-08-13 09:56 UTC, Jan Lieskovsky	no flags	Details \| Diff
Provided (from [2]) upstream patch for v24.1 version (1.37 KB, patch) 2012-08-13 09:57 UTC, Jan Lieskovsky	no flags	Details \| Diff
View All

Description Jan Lieskovsky 2012-08-13 09:54:52 UTC

A security flaw was found in the file-variables code of emacs, a GNU Emacs text editor. When the Emacs user option 'enable-local-variables' was set to ':safe' (default is t), Emacs failed to refuse to evaluate 'eval' forms in file-local variable sections. A remote attacker could provide a specially-crafted file, that when processed by the Emacs Lisp plug-in would lead to arbitrary Lisp code execution with the privileges of the user running the Emacs editor, if the victim has had the 'enable-local-variables' option set to ':safe'.

Upstream bug:
[1] http://debbugs.gnu.org/cgi/bugreport.cgi?bug=12155

References:
[2] http://www.openwall.com/lists/oss-security/2012/08/13/1
[3] http://www.openwall.com/lists/oss-security/2012/08/13/2

Comment 1 Jan Lieskovsky 2012-08-13 09:56:45 UTC

Created attachment 603940 [details]
Provided (from [2]) upstream patch for v23.4 version

Comment 2 Jan Lieskovsky 2012-08-13 09:57:32 UTC

Created attachment 603943 [details]
Provided (from [2]) upstream patch for v24.1 version

Comment 3 Jan Lieskovsky 2012-08-13 09:58:20 UTC

This issue affects the versions of the emacs package, as shipped with Fedora release of 16 and 17. Please schedule an update.

Comment 4 Jan Lieskovsky 2012-08-13 09:59:19 UTC

Created emacs tracking bugs for this issue

Affects: fedora-all [bug 847702]

Comment 6 Fedora Update System 2012-08-22 20:58:01 UTC

emacs-23.3-10.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2012-08-22 21:08:40 UTC

emacs-24.1-4.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Stefan Cornelius 2012-08-29 09:36:31 UTC

Statement:

Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 5 and 6.

Note You need to log in before you can comment on or make changes to this bug.