Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Emacs | Gnu | * | 20.0 (including) |
| Emacs | Gnu | 21.3 (including) | 21.3 (including) |
| Xemacs | Gnu | * | 21.4 (including) |
| Red Hat Enterprise Linux 3 | RedHat | emacs-0:21.3-4.1 | * |
| Red Hat Enterprise Linux 3 | RedHat | xemacs-0:21.4.13-8.ent.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | emacs-0:21.3-19.EL.1 | * |
| Red Hat Enterprise Linux 4 | RedHat | xemacs-0:21.4.15-10.EL.1 | * |
| Emacs21 | Ubuntu | dapper | * |
| Emacs21 | Ubuntu | devel | * |
| Emacs21 | Ubuntu | edgy | * |
| Emacs21 | Ubuntu | feisty | * |
| Xemacs21 | Ubuntu | dapper | * |
| Xemacs21 | Ubuntu | devel | * |
| Xemacs21 | Ubuntu | edgy | * |
| Xemacs21 | Ubuntu | feisty | * |
References
- http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2
- http://www.debian.org/security/2005/dsa-670
- http://www.debian.org/security/2005/dsa-671
- http://www.debian.org/security/2005/dsa-685
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:038
- http://www.redhat.com/support/errata/RHSA-2005-110.html
- http://www.redhat.com/support/errata/RHSA-2005-112.html
- http://www.redhat.com/support/errata/RHSA-2005-133.html
- http://www.securityfocus.com/archive/1/433928/30/5010/threaded
- http://www.securityfocus.com/bid/12462
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408
- http://marc.info/?l=bugtraq\u0026m=110780416112719\u0026w=2
- http://www.debian.org/security/2005/dsa-670
- http://www.debian.org/security/2005/dsa-671
- http://www.debian.org/security/2005/dsa-685
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:038
- http://www.redhat.com/support/errata/RHSA-2005-110.html
- http://www.redhat.com/support/errata/RHSA-2005-112.html
- http://www.redhat.com/support/errata/RHSA-2005-133.html
- http://www.securityfocus.com/archive/1/433928/30/5010/threaded
- http://www.securityfocus.com/bid/12462
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19246
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9408