PROBLEM: There are several format string vulnerabilities in the movemail utility of Emacs, the well-known editor.
PLATFORM: Debian GNU/Linux 3.0 alias woody; Red Hat Desktop (v. 3) & (v. 4); Red Hat Enterprise Linux AS, ES, WS (v. 2.1) & (v. 3) & (v. 4); Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor; SGI Advanced Linux Environment 3 for Patch 10144 for SGI ProPack 3 Service Pack 4
DAMAGE: An attacker can execute arbitrary code under the privileges of group mail.
SOLUTION: Upgrade to the appropriate package.
VULNERABILITY ASSESSMENT: The risk is LOW. An attacker can execute arbitrary code under the privileges of group mail.
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/p-123.shtml
ORIGINAL BULLETIN: Debian Security Advisory DSA-670-1
http://www.debian.org/security/2005/dsa-670
ADDITIONAL LINKS:
Debian Security Advisory 671-1 http://www.debian.org/security/2005/dsa-671
Red Hat RHSA-2005:112-03 https://rhn.redhat.com/errata/RHSA-2005-112.html
Debian Security Advisory DSA 685-1 http://www.debian.org/security/2005/dsa-685
Red Hat Security Advisory RHSA-2005:110-06 https://rhn.redhat.com/errata/RHSA-2005-110.html
Red Hat Security Advisory RHSA-2005:133-05 https://rhn.redhat.com/errata/RHSA-2005-133.html
SGI Security Advisory 20050207-01-U Security Update #27 http://www.sgi.com/support/security/advisories.html
CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0100
REVISION HISTORY:
02/11/2005 - revised to add a link to Red Hat RHSA-2005:112-03 for Red Hat Desktop (v. 3), Red Hat Enterprise Linux AS, ES, WS (v. 2.1) & (v. 3), and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor.
02/17/2005 - added link to Debian Security Advisory DSA-685-1 that provides updated packages for this vulnerability.
02/22/2005 - added links to Red Hat Security Advisories RHSA-2005:110 and RHSA-2005:133 that provide updated packages for Red Hat version 4.
03/11/2005 - revised to add a link to SGI Security Advisory 20050207-01-U SGI Advanced Linux Environment 3 Security Update #27 for Patch 10144 for SGI ProPack 3 Service Pack 4.
[***** Start Debian Security Advisory DSA-670-1 *****]
Debian Security Advisory
DSA-670-1 emacs20 -- format string
Date Reported:
08 Feb 2005
Affected Packages:
emacs20
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CAN-2005-0100.
More information:
Max Vozeler discovered several format string vulnerabilities in the movemail utility of Emacs, the well-known editor. By connecting to a malicious POP server an attacker can execute arbitrary code under the privileges of group mail.
For the stable distribution (woody) these problems have been fixed in version 20.7-13.3.
The unstable distribution (sid) does not contain an Emacs20 package anymore.
We recommend that you upgrade your emacs packages.
Fixed in:
Debian GNU/Linux 3.0 (woody)
Source:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.dsc
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3.diff.gz
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7.orig.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20-el_20.7-13.3_all.deb
Alpha:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13.3_s390.deb
MD5 checksums of the listed files are available in the original advisory.
[***** End Debian Security Advisory DSA-670-1 *****]
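The bug class the Debian advisory describes is a server-controlled string reaching a printf-family call as the format argument. The following C program is an added illustration, not code from Emacs, movemail or any of the advisories above: the function names (`format_pop_error`, `contains_format_directive`) and the sample POP reply are constructed for this example. It shows the hardened pattern (a constant format string with the untrusted text passed only as a `%s` argument) and a small audit check that flags untrusted input carrying conversion directives; the vulnerable pattern appears only in a comment so that it is never compiled or executed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample POP server reply (not a real capture).  A hostile
 * server can send printf directives where a plain error text is expected. */
static const char SAMPLE_SERVER_LINE[] = "-ERR %x %x %x %n mailbox locked";

/* VULNERABLE PATTERN, kept as a comment only and never compiled here:
 *
 *     snprintf(out, n, server_line);     // server text IS the format string
 *
 * Every '%' directive the server sends is then interpreted by snprintf,
 * which reads arbitrary stack words ("%x") or writes memory ("%n").
 */

/* Hardened form: the format string is a constant under our control and the
 * untrusted text is only ever supplied as a "%s" argument, so its '%'
 * characters are copied verbatim.  Returns what snprintf returns (the
 * length that would have been written). */
int format_pop_error(const char *server_line, char *out, size_t n)
{
    return snprintf(out, n, "POP server error: %s", server_line);
}

/* Audit/detection helper: returns 1 if an untrusted string contains a
 * conversion directive (a '%' not escaped as "%%"), else 0.  Handy for
 * logging suspicious server replies while reviewing code paths that may
 * still build format strings from external data. */
int contains_format_directive(const char *s)
{
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return 1;
    }
    return 0;
}

int main(void)
{
    char buf[128];

    format_pop_error(SAMPLE_SERVER_LINE, buf, sizeof buf);
    printf("%s\n", buf);   /* directives survive only as literal text */
    printf("directive present: %d\n",
           contains_format_directive(SAMPLE_SERVER_LINE));
    return 0;
}
```

Building with `gcc -Wformat -Wformat-security` reports a non-literal format string with no arguments, which is exactly the commented pattern; treating that warning as an error in the build is a cheap way to keep this class of bug from reappearing in code that handles protocol text.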
Voice: +1 866-941-2472 (7 x 24)
E-mail: doecirc@doecirc.energy.gov
World Wide Web: http://www.doecirc.energy.gov/