Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: Emacs, code execution via emacs.py

September 2008 by Vigil@nce

A local attacker can create the emacs.py file in order to execute code with privileges of the Emacs user.

- Gravity: 1/4
- Consequences: user access/rights
- Provenance: user shell
- Means of attack: 1 attack
- Ability of attacker: technician (2/4)
- Confidence: confirmed by the editor (5/5)
- Diffusion of the vulnerable configuration: medium (2/3)
- Creation date: 09/09/2008
- Identifier: VIGILANCE-VUL-8096

IMPACTED PRODUCTS

- Unix - plateform

DESCRIPTION

The Emacs editor supports the Python language:
- the "run-python" command executes a Python program
- in "eldoc-mode" mode, the command "run-python" is called when a Python file is opened

When "run-python" is executed, the "emacs.py" configuration file is searched and automatically run. However, this file is first searched in the current directory.

An attacker can therefore create an "emacs.py" file in a directory, and invite the victim to open a Python file in this same directory, in order to force the code from "emacs.py" to be executed.

CHARACTERISTICS

- Identifiers: BID-31052, VIGILANCE-VUL-8096
- Url: https://vigilance.aql.fr/tree/1/8096




See previous articles

    

See next articles