{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-04-08T00:00:00", "descriptions": [{"lang": "en", "value": "vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-03T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "USN-607-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/607-1/"}, {"name": "29905", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29905"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, {"name": "MDVSA-2008:096", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:096"}, {"name": "ADV-2008-1309", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1309/references"}, {"name": "1019909", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019909"}, {"name": "29926", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29926"}, {"name": "30109", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30109"}, {"name": "xemacs-gnuemacs-vcdiff-symlink(41906)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41906"}, {"name": "28857", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28857"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=216880"}, {"name": "ADV-2008-1310", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1310/references"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1694", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "USN-607-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/607-1/"}, {"name": "29905", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29905"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=208483", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, {"name": "MDVSA-2008:096", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:096"}, {"name": "ADV-2008-1309", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1309/references"}, {"name": "1019909", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019909"}, {"name": "29926", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29926"}, {"name": "30109", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30109"}, {"name": "xemacs-gnuemacs-vcdiff-symlink(41906)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41906"}, {"name": "28857", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28857"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=216880", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=216880"}, {"name": "ADV-2008-1310", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1310/references"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:01.247Z"}, "title": "CVE Program Container", "references": [{"name": "USN-607-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/607-1/"}, {"name": "29905", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29905"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, {"name": "MDVSA-2008:096", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:096"}, {"name": "ADV-2008-1309", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1309/references"}, {"name": "1019909", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1019909"}, {"name": "29926", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29926"}, {"name": "30109", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30109"}, {"name": "xemacs-gnuemacs-vcdiff-symlink(41906)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41906"}, {"name": "28857", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/28857"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=216880"}, {"name": "ADV-2008-1310", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1310/references"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1694", "datePublished": "2008-04-21T20:00:00", "dateReserved": "2008-04-08T00:00:00", "dateUpdated": "2024-08-07T08:32:01.247Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:emacs:20.7:*:*:*:*:*:*:*", "matchCriteriaId": "0AFE5D6E-1979-4CF2-ACE0-BB6F31F80434", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.1:*:*:*:*:*:*:*", "matchCriteriaId": "05BDDB87-0AFF-4BDC-995A-94F221ED3641", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9ADBEE6-3B38-4284-B9F8-37F7FFEBDE81", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.3:*:*:*:*:*:*:*", "matchCriteriaId": "EA95B19B-F35D-4644-9E75-5A138A960C10", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:emacs:21.4:*:*:*:*:*:*:*", "matchCriteriaId": "FC7E9FE5-E87C-440B-A16E-327501BC8977", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:sccs:*:*:*:*:*:*:*:*", "matchCriteriaId": "08A58299-6BEC-4A2D-ACFB-904B43851D39", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files."}, {"lang": "es", "value": "vcdiff en Emacs 20.7 a 22.1.50, cuando es utilizado con SCCS, permite a usuarios locales sobrescribir ficheros de su elecci\u00f3n a trav\u00e9s de un ataque symlink en ficheros temporales."}], "id": "CVE-2008-1694", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-22T04:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=216880"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29905"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/29926"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30109"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:096"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28857"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019909"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1309/references"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1310/references"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41906"}, {"source": "cve@mitre.org", "url": "https://usn.ubuntu.com/607-1/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=216880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29905"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29926"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30109"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:096"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28857"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019909"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1309/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1310/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/607-1/"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1694\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/", "lastModified": "2008-05-01T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "emacs insecure /tmp file usage", "id": "208483", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=208483"}, "csaw": false, "cwe": "CWE-377", "details": ["vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files."], "name": "CVE-2008-1694", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "emacs", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2008-04-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-1694\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-1694"], "statement": "Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Low"}