CVE Vulnerabilities


Improper Link Resolution Before File Access ('Link Following')

Published: May 08, 2014 | Modified: Jun 30, 2016
CVSS 3.x
CVSS 2.x
3.3 LOW
2.1 LOW

lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.


The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name Vendor Start Version End Version
Mageia Mageia_project 3 3
Mageia Mageia_project 4 4
Emacs-snapshot Ubuntu lucid *
Emacs22 Ubuntu lucid *
Emacs23 Ubuntu lucid *
Emacs23 Ubuntu precise *
Emacs23 Ubuntu quantal *
Emacs23 Ubuntu saucy *
Emacs23 Ubuntu trusty *
Emacs23 Ubuntu utopic *
Emacs24 Ubuntu trusty *
Emacs24 Ubuntu upstream *
Xemacs21 Ubuntu lucid *
Xemacs21-packages Ubuntu artful *
Xemacs21-packages Ubuntu lucid *
Xemacs21-packages Ubuntu precise *
Xemacs21-packages Ubuntu quantal *
Xemacs21-packages Ubuntu saucy *
Xemacs21-packages Ubuntu trusty *
Xemacs21-packages Ubuntu utopic *
Xemacs21-packages Ubuntu vivid *
Xemacs21-packages Ubuntu wily *
Xemacs21-packages Ubuntu yakkety *
Xemacs21-packages Ubuntu zesty *

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.