News
Vigil@nce: Emacs, CEDET, code execution via EDE
January 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can invite the victim to open with Emacs a file, located in a directory containing a malicious EDE project, in order to execute Lisp code on his computer.
Severity: 2/4
Creation date: 10/01/2012
IMPACTED PRODUCTS
Fedora
Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The CEDET (Collection of Emacs Development Environment Tools) suite contains Emacs tools for development. These tools (EDE) were integrated in the official Emacs distribution, and are used when the "global-ede-mode" mode is set via "(setq global-ede-mode t)".
When EDE is enabled, and when the user opens a file with Emacs, EDE searches a "Project.ede" file in the current directory, and in parent directories. This "Project.ede" file contains Lisp code indicating the project compilation procedure. However, EDE runs the Lisp code without warning the user, and even if the user opens a file not belonging to a development directory.
An attacker can therefore invite the victim to open with Emacs a file, located in a directory containing a malicious EDE project, in order to execute Lisp code on his computer.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
