Vulnerabilites related to gnu - xemacs
cve-2008-2142
Vulnerability from cvelistv5
Published
2008-05-12 19:00
Modified
2024-08-07 08:49
Severity ?
EPSS score ?
Summary
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2008-5504",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.rpath.com/browse/RPL-2529"
},
{
"name": "ADV-2008-1539",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1539/references"
},
{
"name": "20080527 rPSA-2008-0177-1 emacs emacs-leim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/492657/100/0/threaded"
},
{
"name": "30827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30827"
},
{
"name": "1020019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020019"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "30199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=221197"
},
{
"name": "30303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30303"
},
{
"name": "GLSA-200902-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-06.xml"
},
{
"name": "30216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30216"
},
{
"name": "MDVSA-2008:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:154"
},
{
"name": "29176",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29176"
},
{
"name": "MDVSA-2008:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177"
},
{
"name": "34004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/34004"
},
{
"name": "[emacs-devel] 20080510 [mwelinder@bogus.example.com: Emacs security bug]",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thread.gmane.org/gmane.emacs.devel/96903"
},
{
"name": "FEDORA-2008-5446",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://tracker.xemacs.org/XEmacs/its/issue378"
},
{
"name": "ADV-2008-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1540/references"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30581"
},
{
"name": "xemacs-gnuemacs-flc-code-execution(42362)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2008-5504",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.rpath.com/browse/RPL-2529"
},
{
"name": "ADV-2008-1539",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1539/references"
},
{
"name": "20080527 rPSA-2008-0177-1 emacs emacs-leim",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/492657/100/0/threaded"
},
{
"name": "30827",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30827"
},
{
"name": "1020019",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020019"
},
{
"name": "SUSE-SR:2008:012",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "30199",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=221197"
},
{
"name": "30303",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30303"
},
{
"name": "GLSA-200902-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200902-06.xml"
},
{
"name": "30216",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30216"
},
{
"name": "MDVSA-2008:154",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:154"
},
{
"name": "29176",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29176"
},
{
"name": "MDVSA-2008:153",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177"
},
{
"name": "34004",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/34004"
},
{
"name": "[emacs-devel] 20080510 [mwelinder@bogus.example.com: Emacs security bug]",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thread.gmane.org/gmane.emacs.devel/96903"
},
{
"name": "FEDORA-2008-5446",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://tracker.xemacs.org/XEmacs/its/issue378"
},
{
"name": "ADV-2008-1540",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1540/references"
},
{
"name": "30581",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30581"
},
{
"name": "xemacs-gnuemacs-flc-code-execution(42362)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-5504",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2529",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2529"
},
{
"name": "ADV-2008-1539",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1539/references"
},
{
"name": "20080527 rPSA-2008-0177-1 emacs emacs-leim",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492657/100/0/threaded"
},
{
"name": "30827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30827"
},
{
"name": "1020019",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020019"
},
{
"name": "SUSE-SR:2008:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"name": "30199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30199"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=221197",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=221197"
},
{
"name": "30303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30303"
},
{
"name": "GLSA-200902-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200902-06.xml"
},
{
"name": "30216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30216"
},
{
"name": "MDVSA-2008:154",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:154"
},
{
"name": "29176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29176"
},
{
"name": "MDVSA-2008:153",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:153"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177"
},
{
"name": "34004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34004"
},
{
"name": "[emacs-devel] 20080510 [mwelinder@bogus.example.com: Emacs security bug]",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html"
},
{
"name": "http://thread.gmane.org/gmane.emacs.devel/96903",
"refsource": "MISC",
"url": "http://thread.gmane.org/gmane.emacs.devel/96903"
},
{
"name": "FEDORA-2008-5446",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html"
},
{
"name": "http://tracker.xemacs.org/XEmacs/its/issue378",
"refsource": "MISC",
"url": "http://tracker.xemacs.org/XEmacs/its/issue378"
},
{
"name": "ADV-2008-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1540/references"
},
{
"name": "30581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30581"
},
{
"name": "xemacs-gnuemacs-flc-code-execution(42362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2142",
"datePublished": "2008-05-12T19:00:00",
"dateReserved": "2008-05-12T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0191
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.redhat.com/support/errata/RHSA-2001-011.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.redhat.com/support/errata/RHSA-2001-010.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3 | vendor-advisory, x_refsource_MANDRAKE | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6056 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:06.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2001:011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-011.html"
},
{
"name": "RHSA-2001:010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-010.html"
},
{
"name": "MDKSA-2001:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3"
},
{
"name": "gnuserv-tcp-cookie-overflow(6056)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056"
},
{
"name": "20010202 Remote vulnerability in gnuserv/XEmacs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2001:011",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-011.html"
},
{
"name": "RHSA-2001:010",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-010.html"
},
{
"name": "MDKSA-2001:019",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3"
},
{
"name": "gnuserv-tcp-cookie-overflow(6056)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056"
},
{
"name": "20010202 Remote vulnerability in gnuserv/XEmacs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2001:011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-011.html"
},
{
"name": "RHSA-2001:010",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-010.html"
},
{
"name": "MDKSA-2001:019",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3"
},
{
"name": "gnuserv-tcp-cookie-overflow(6056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056"
},
{
"name": "20010202 Remote vulnerability in gnuserv/XEmacs",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0191",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-03-08T00:00:00",
"dateUpdated": "2024-08-08T04:14:06.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0100
Vulnerability from cvelistv5
Published
2005-02-08 05:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:57:41.179Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408"
},
{
"name": "DSA-671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-671"
},
{
"name": "FLSA-2006:152898",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433928/30/5010/threaded"
},
{
"name": "DSA-670",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-670"
},
{
"name": "20050207 [USN-76-1] Emacs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2"
},
{
"name": "RHSA-2005:110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-110.html"
},
{
"name": "DSA-685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-685"
},
{
"name": "xemacs-movemail-format-string(19246)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19246"
},
{
"name": "RHSA-2005:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-133.html"
},
{
"name": "RHSA-2005:112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-112.html"
},
{
"name": "12462",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12462"
},
{
"name": "MDKSA-2005:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oval:org.mitre.oval:def:9408",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408"
},
{
"name": "DSA-671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-671"
},
{
"name": "FLSA-2006:152898",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/433928/30/5010/threaded"
},
{
"name": "DSA-670",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-670"
},
{
"name": "20050207 [USN-76-1] Emacs vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2"
},
{
"name": "RHSA-2005:110",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-110.html"
},
{
"name": "DSA-685",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-685"
},
{
"name": "xemacs-movemail-format-string(19246)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19246"
},
{
"name": "RHSA-2005:133",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-133.html"
},
{
"name": "RHSA-2005:112",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-112.html"
},
{
"name": "12462",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12462"
},
{
"name": "MDKSA-2005:038",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9408",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408"
},
{
"name": "DSA-671",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-671"
},
{
"name": "FLSA-2006:152898",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/433928/30/5010/threaded"
},
{
"name": "DSA-670",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-670"
},
{
"name": "20050207 [USN-76-1] Emacs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2"
},
{
"name": "RHSA-2005:110",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-110.html"
},
{
"name": "DSA-685",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-685"
},
{
"name": "xemacs-movemail-format-string(19246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19246"
},
{
"name": "RHSA-2005:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-133.html"
},
{
"name": "RHSA-2005:112",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-112.html"
},
{
"name": "12462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12462"
},
{
"name": "MDKSA-2005:038",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0100",
"datePublished": "2005-02-08T05:00:00",
"dateReserved": "2005-01-18T00:00:00",
"dateUpdated": "2024-08-07T20:57:41.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2005-02-07 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:emacs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18656642-C693-4BFD-A708-BCBFB5965C2C",
"versionEndIncluding": "20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:xemacs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C335DC66-8037-4457-942A-9F6B83333BAF",
"versionEndIncluding": "21.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets."
}
],
"id": "CVE-2005-0100",
"lastModified": "2024-11-20T23:54:25.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-07T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-670"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-671"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-685"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:038"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-110.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-112.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-133.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/433928/30/5010/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/12462"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19246"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-670"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2005/dsa-685"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-110.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-112.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-133.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/433928/30/5010/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/12462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19246"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-05-12 19:20
Modified
2024-11-21 00:46
Severity ?
Summary
Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:emacs:21.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE5CB6EB-74D8-4CA8-8B86-08E06859E2E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gnu:xemacs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE9B14A7-78B9-4229-A165-32C1438EC9C8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Emacs 21 and XEmacs automatically load and execute .flc (fast lock) files that are associated with other files that are edited within Emacs, which allows user-assisted attackers to execute arbitrary code."
},
{
"lang": "es",
"value": "Emacs versi\u00f3n 21 y XEmacs cargan y ejecutan autom\u00e1ticamente archivos .flc (fast lock) que est\u00e1n asociados con otros archivos que son editados en Emacs, lo que permite a los atacantes asistidos por el usuario ejecutar c\u00f3digo arbitrario."
}
],
"id": "CVE-2008-2142",
"lastModified": "2024-11-21T00:46:11.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-05-12T19:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30199"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30216"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30303"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30827"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/34004"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200902-06.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://thread.gmane.org/gmane.emacs.devel/96903"
},
{
"source": "cve@mitre.org",
"url": "http://tracker.xemacs.org/XEmacs/its/issue378"
},
{
"source": "cve@mitre.org",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:153"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:154"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/492657/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29176"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020019"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1539/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1540/references"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=221197"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42362"
},
{
"source": "cve@mitre.org",
"url": "https://issues.rpath.com/browse/RPL-2529"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.gnu.org/archive/html/emacs-devel/2008-05/msg00645.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30303"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30827"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/34004"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200902-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://thread.gmane.org/gmane.emacs.devel/96903"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://tracker.xemacs.org/XEmacs/its/issue378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/492657/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020019"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1539/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1540/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=221197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://issues.rpath.com/browse/RPL-2529"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00736.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00782.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-05-03 04:00
Modified
2024-11-20 23:34
Severity ?
Summary
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| andynorman | gnuserv | * | |
| gnu | xemacs | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:andynorman:gnuserv:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4790A32-AE7A-4A2B-840B-FD0367FBCD4B",
"versionEndExcluding": "3.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:xemacs:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAB8DC9D-6378-4650-90B2-A80982681EB8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length."
}
],
"id": "CVE-2001-0191",
"lastModified": "2024-11-20T23:34:48.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-010.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-011.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Patch"
],
"url": "http://www.redhat.com/support/errata/RHSA-2001-011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6056"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}