Description
Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.
References (13)
Core 13
Core References
Patch mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/10/2
Product mailing-list
x_refsource_mlist
http://sourceforge.net/mailarchive/message.php?msg_id=28657612
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47311
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201812-05
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50801
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/10/4
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47515
Product mailing-list
x_refsource_mlist
http://sourceforge.net/mailarchive/message.php?msg_id=28649762
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1586-1
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:076
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072285.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/072288.html
Patch mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/emacs-devel/2012-01/msg00387.html
Scores
EPSS
0.0403
EPSS Percentile
88.6%
Details
Status
published
Products (24)
eric_m_ludlam/cedet
1.0 beta1 (9 CPE variants)
eric_m_ludlam/cedet
< 1.0
gnu/emacs
20.0
gnu/emacs
20.1
gnu/emacs
20.2
gnu/emacs
20.3
gnu/emacs
20.4
gnu/emacs
20.5
gnu/emacs
20.6
gnu/emacs
20.7
... and 14 more
Published
Jan 19, 2012
Tracked Since
Feb 18, 2026