Download
| Alert*
|
oval:org.secpod.oval:def:700037
Dan Rosenberg discovered that the email helper in Emacs did not correctly check file permissions. A local attacker could perform a symlink race to read or append to another user"s mailbox if it was stored under a group-writable group-"mail" directory. oval:org.secpod.oval:def:300292 A vulnerability has been found and corrected in emacs: lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks . Packages for 2008.0 and 2009.0 are provided due to the Ext ... |
