CVE-2007-5795 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-5795
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-5795

Description: The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/38263 UBUNTU http://www.ubuntu.com/usn/usn-541-1 SAID Secunia Advisory: SA27728 Secunia Advisory: SA27508 Secunia Advisory: SA27627 Secunia Advisory: SA27984 Secunia Advisory: SA29420 OSVDB 42060 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:034 GENTOO http://security.gentoo.org/glsa/glsa-200712-03.xml FEDORA CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=197958 http://docs.info.apple.com/article.html?artnum=307562 http://cvs.savannah.gnu.org/viewvc/emacs/emacs/lisp/files.el?r1=1.896.2.28&r2=1.896.2.29 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=449008 BID 26327 APPLE http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html

Return to the previous page.