CVE-2010-0825
GNU Emacs 22 and 23 - Arbitrary Mailbox File Manipulation via Symlink Attack
Title source: llmDescription
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:083
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57457
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-919-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39155
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0734
Issue Tracking x_refsource_confirm
https://bugs.launchpad.net/ubuntu/+bug/531569
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0952
Scores
EPSS
0.0012
EPSS Percentile
30.1%
Details
CWE
CWE-264
Status
published
Products (4)
gnu/emacs
22.1
gnu/emacs
22.2
gnu/emacs
22.3
gnu/emacs
23.1
Published
Apr 05, 2010
Tracked Since
Feb 18, 2026