FreeBSD : emacs -- enriched text remote code execution vulnerability (47e2e52c-975c-11e7-942d-5404a68a61a2)

high Nessus Plugin ID 103152

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Paul Eggert reports:

Charles A. Roelli has found a security flaw in the enriched mode in GNU Emacs.

When Emacs renders MIME text/enriched data (Internet RFC 1896), it is vulnerable to arbitrary code execution. Since Emacs-based mail clients decode 'Content-Type: text/enriched', this code is exploitable remotely. This bug affects GNU Emacs versions 19.29 through 25.2.

Solution

Update the affected packages.

See Also

https://seclists.org/oss-sec/2017/q3/422

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350

http://www.nessus.org/u?224e1c75

Plugin Details

Severity: High

ID: 103152

File Name: freebsd_pkg_47e2e52c975c11e7942d5404a68a61a2.nasl

Version: 3.6

Type: local

Published: 9/13/2017

Updated: 1/4/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:emacs-devel, p-cpe:/a:freebsd:freebsd:emacs-nox11, p-cpe:/a:freebsd:freebsd:emacs25, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 9/12/2017

Vulnerability Publication Date: 9/4/2017