CVE-2000-0270 in Emacs
Summary
by MITRE
The make-temp-name Lisp function in Emacs 20 creates temporary files with predictable names, which allows attackers to conduct a symlink attack.
Analysis
by VulDB Data Team • 04/21/2026
The vulnerability described in CVE-2000-0270 represents a critical security flaw in the Emacs text editor version 20 where the make-temp-name Lisp function generates temporary file names using predictable patterns. This weakness enables malicious actors to exploit symlink attacks by creating symbolic links with predetermined names that match the expected temporary file locations. The vulnerability stems from insufficient randomization in the temporary file naming mechanism, which violates fundamental security principles for temporary file handling.
The flaw sits in the Lisp scripting environment of Emacs, where the make-temp-name function is used to produce temporary file names for operations such as file manipulation and system interactions. The names follow a convention that an attacker with access to the system can easily predict. That predictability lets an adversary place a symbolic link at the expected temporary file location before Emacs creates the file there, which makes this a race condition attack.
The operational impact of this vulnerability extends beyond simple privilege escalation as it can be exploited to perform various malicious activities including arbitrary code execution, data manipulation, and information disclosure. Attackers can leverage this weakness to replace legitimate temporary files with malicious content, potentially compromising the integrity of the system and the confidentiality of user data. The vulnerability affects all systems running Emacs 20 where the make-temp-name function is invoked, particularly in environments where multiple users share the same system or where Emacs is used with elevated privileges.
This vulnerability aligns with CWE-377, which addresses insecure temporary file creation practices, and demonstrates characteristics consistent with ATT&CK technique T1548.001 related to privilege escalation through symlink attacks. The flaw violates security best practices outlined in the Open Web Application Security Project (OWASP) guidelines for secure file handling and temporary file management. Organizations using Emacs 20 should immediately implement mitigations including upgrading to patched versions of the software, implementing proper temporary file permissions, and ensuring that symbolic link attacks are prevented through proper system hardening measures. The vulnerability also highlights the importance of proper randomization in temporary file naming and the necessity of implementing secure coding practices that prevent predictable resource allocation patterns.
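The difference between the predictable-name pattern and the hardened alternatives can be checked directly at the POSIX level. The C code below is an added example, not Emacs source: the `emacs<pid>` name, the scratch directory and the function names are constructed for illustration, and the self-check runs entirely inside a private directory it creates.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose mkdtemp/mkstemp/symlink under strict -std */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: a guessable path opened without O_EXCL. open() follows a symlink
   that already exists there and truncates whatever it points to. */
int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if the
   path already exists, including when it is a symlink. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() replaces the trailing XXXXXX with an unpredictable
   suffix and creates the file exclusively, owner-only, in one step. */
int open_mkstemp(char *tmpl) { return mkstemp(tmpl); }

/* Self-check in a private scratch directory (all names constructed):
   a symlink already occupies the predictable name and points at `target`.
   Returns target's size after the open attempt, or -1 on setup failure. */
long target_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/tmpdemoXXXXXX", target[64], tmp[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(tmp, sizeof tmp, "%s/emacs%ld", dir, (long)getpid());
    FILE *f = fopen(target, "w");
    if (!f) return -1;
    fputs("data\n", f);                      /* 5 bytes of existing content */
    fclose(f);
    if (symlink(target, tmp) != 0) return -1;
    int fd = opener(tmp);
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(tmp); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    printf("weak open:      target is %ld bytes\n", target_size_after(open_weak));
    printf("exclusive open: target is %ld bytes\n", target_size_after(open_exclusive));
    return 0;
}
```

In Emacs Lisp itself, the equivalent of the hardened path is `make-temp-file`, which creates the file rather than only returning a name.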